The Samba-Bugzilla – Attachment 7853 Details for
Bug 9106
Windows 7 x64 - Adding printers via Share name
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
Log file of Windows x64 client while trying to download printer drivers
log.panama (text/plain), 3.94 MB, created by
Sean Ryan
on 2012-08-30 19:33:23 UTC
(
hide
)
Description:
Log file of Windows x64 client while trying to download printer drivers
Filename:
MIME Type:
Creator:
Sean Ryan
Created:
2012-08-30 19:33:23 UTC
Size:
3.94 MB
patch
obsolete
>[2012/08/30 15:27:51.663228, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012 > >[2012/08/30 15:27:51.663529, 5] auth/auth_util.c:110(make_user_info_map) > Mapping user [ACR]\[administrator] from workstation [PANAMA] >[2012/08/30 15:27:51.663696, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for administrator (administrator) >[2012/08/30 15:27:51.663820, 5] auth/user_info.c:70(make_user_info) > making strings for administrator's user_info struct >[2012/08/30 15:27:51.663940, 5] auth/user_info.c:87(make_user_info) > making blobs for administrator's user_info struct >[2012/08/30 15:27:51.664059, 10] auth/user_info.c:123(make_user_info) > made a user_info for administrator (administrator) >[2012/08/30 15:27:51.664178, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [ACR]\[administrator]@[PANAMA] with the new password interface >[2012/08/30 15:27:51.664325, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: [ACR]\[administrator]@[PANAMA] >[2012/08/30 15:27:51.664610, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2012/08/30 15:27:51.664728, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2012/08/30 15:27:51.664845, 5] ../lib/util/util.c:415(dump_data) > [0000] E1 F9 1B D6 03 B5 83 8C ........ >[2012/08/30 15:27:51.664976, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [administrator] >[2012/08/30 15:27:51.665092, 10] auth/auth.c:259(check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2012/08/30 15:27:51.665212, 10] auth/auth_sam.c:75(auth_samstrict_auth) > Check auth for: [administrator] >[2012/08/30 15:27:51.665328, 8] lib/util.c:1521(is_myname) > is_myname("ACR") returns 0 >[2012/08/30 15:27:51.665477, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.665644, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.665763, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.665880, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.665996, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.666609, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=administrator)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.666781, 5] lib/smbldap.c:1341(smbldap_close) > The connection to the LDAP server was closed >[2012/08/30 15:27:51.666902, 10] lib/smbldap.c:819(smb_ldap_setup_conn) > smb_ldap_setup_connection: ldap://192.168.30.15:389 >[2012/08/30 15:27:51.667399, 2] lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2012/08/30 15:27:51.667568, 10] lib/smbldap.c:1194(smbldap_connect_system) > ldap_connect_system: Binding to ldap server ldap://192.168.30.15:389 as "cn=djadmin,dc=acr,dc=lab" >[2012/08/30 15:27:51.671439, 3] lib/smbldap.c:1240(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2012/08/30 15:27:51.671895, 4] lib/smbldap.c:1319(smbldap_open) > The LDAP server is successfully connected >[2012/08/30 15:27:51.674783, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: administrator >[2012/08/30 15:27:51.675074, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.675262, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.675380, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.675516, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.675696, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.675839, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2012/08/30 15:27:51.675966, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2012/08/30 15:27:51.676086, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2012/08/30 15:27:51.676207, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2012/08/30 15:27:51.676332, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2012/08/30 15:27:51.676456, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.676580, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2012/08/30 15:27:51.676860, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/08/30 15:27:51.677005, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2012/08/30 15:27:51.677149, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.677272, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2012/08/30 15:27:51.677393, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.677515, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2012/08/30 15:27:51.677632, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.677756, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2012/08/30 15:27:51.677879, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2012/08/30 15:27:51.678000, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLMPassword does not exist >[2012/08/30 15:27:51.678151, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.678292, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.678411, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.678529, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.678646, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.679272, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/password history and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) >[2012/08/30 15:27:51.680168, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2012/08/30 15:27:51.680288, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0] >[2012/08/30 15:27:51.681814, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2012/08/30 15:27:51.681981, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/password history and timeout = Thu Aug 30 15:28:51 2012 > (60 seconds ahead) >[2012/08/30 15:27:51.682286, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.682460, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2012/08/30 15:27:51.682583, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2012/08/30 15:27:51.682708, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2012/08/30 15:27:51.682922, 5] passdb/login_cache.c:47(login_cache_init) > Opening cache file at /var/cache/samba/login_cache.tdb >[2012/08/30 15:27:51.683163, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user administrator >[2012/08/30 15:27:51.683288, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2012/08/30 15:27:51.683406, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2012/08/30 15:27:51.683604, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.683727, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.683845, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.683980, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.684098, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.684299, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/maximum password age and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) >[2012/08/30 15:27:51.684497, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2012/08/30 15:27:51.684633, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0] >[2012/08/30 15:27:51.685880, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2012/08/30 15:27:51.686041, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Aug 30 15:28:51 2012 > (60 seconds ahead) >[2012/08/30 15:27:51.686266, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.686462, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.686619, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.690763, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.691009, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.691132, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.691251, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.691371, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.691515, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.691763, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.691955, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.692075, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.692197, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.692356, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.692487, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.692606, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/08/30 15:27:51.692728, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.692847, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.692964, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2012/08/30 15:27:51.693100, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.693219, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.693336, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.693453, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.693573, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.693765, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.693884, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.694040, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 >[2012/08/30 15:27:51.694253, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 >[2012/08/30 15:27:51.694383, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.694555, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) > ntlm_password_check: Checking NTLMv2 password with domain [ACR] >[2012/08/30 15:27:51.694805, 4] auth/check_samsec.c:183(sam_account_ok) > sam_account_ok: Checking SMB password for user administrator >[2012/08/30 15:27:51.694947, 5] auth/check_samsec.c:165(logon_hours_ok) > logon_hours_ok: user administrator allowed to logon at this time (Thu Aug 30 19:27:51 2012 > ) >[2012/08/30 15:27:51.695121, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.695240, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.696479, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.696621, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.696740, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.697243, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.697961, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.698091, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.698213, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.698338, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.698457, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.698650, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.698799, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.698923, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.699084, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.699227, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.699348, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.699468, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.699624, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.699833, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/minimum password age and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) >[2012/08/30 15:27:51.700030, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2012/08/30 15:27:51.700150, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0] >[2012/08/30 15:27:51.701944, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2012/08/30 15:27:51.703011, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/minimum password age and timeout = Thu Aug 30 15:28:51 2012 > (60 seconds ahead) >[2012/08/30 15:27:51.703220, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.703344, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.703462, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.703638, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.703759, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.703876, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.704067, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.704194, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.704311, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.704432, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.704602, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [administrator] >[2012/08/30 15:27:51.719284, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 512 >[2012/08/30 15:27:51.719419, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.720406, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.720526, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.720662, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.720779, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.721026, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] >[2012/08/30 15:27:51.722830, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 512 >[2012/08/30 15:27:51.723023, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.723144, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 512 -> sid S-1-5-21-3266308635-3715972288-3547500332-512 >[2012/08/30 15:27:51.723303, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 514 >[2012/08/30 15:27:51.723422, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.723579, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.723710, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.723827, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.723944, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.724131, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=514))], scope => [2] >[2012/08/30 15:27:51.725807, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 514 >[2012/08/30 15:27:51.725952, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.726086, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 514 -> sid S-1-5-21-3266308635-3715972288-3547500332-514 >[2012/08/30 15:27:51.726232, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 515 >[2012/08/30 15:27:51.726351, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.726489, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.726608, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.726727, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.726844, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.727049, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] >[2012/08/30 15:27:51.728534, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 515 >[2012/08/30 15:27:51.728718, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.728867, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 515 -> sid S-1-5-21-3266308635-3715972288-3547500332-515 >[2012/08/30 15:27:51.728998, 5] auth/server_info_sam.c:120(make_server_info_sam) > make_server_info_sam: made server info for user administrator -> administrator >[2012/08/30 15:27:51.729122, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.729246, 3] auth/auth.c:268(check_ntlm_password) > check_ntlm_password: sam authentication for user [administrator] succeeded >[2012/08/30 15:27:51.729369, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.729487, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.729616, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.729736, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.729836, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.730047, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.730185, 5] auth/auth.c:296(check_ntlm_password) > check_ntlm_password: PAM Account for user [administrator] succeeded >[2012/08/30 15:27:51.730302, 2] auth/auth.c:309(check_ntlm_password) > check_ntlm_password: authentication for user [administrator] -> [administrator] -> [administrator] succeeded >[2012/08/30 15:27:51.730475, 10] auth/token_util.c:223(create_local_nt_token_from_info3) > Create local NT token for administrator >[2012/08/30 15:27:51.730676, 10] passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2012/08/30 15:27:51.730796, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.730915, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.731100, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.731219, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.731335, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.731772, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2012/08/30 15:27:51.733429, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2012/08/30 15:27:51.733611, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.733738, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.733860, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.733979, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.734101, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.734220, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.734337, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.734741, 10] passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2012/08/30 15:27:51.734870, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.735001, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.735124, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.735242, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.735358, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.735603, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2012/08/30 15:27:51.737586, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2012/08/30 15:27:51.737768, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.737892, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.738020, 5] passdb/pdb_util.c:128(create_builtin_administrators) > create_builtin_administrators: Failed to create Administrators >[2012/08/30 15:27:51.738168, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.738336, 10] passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2012/08/30 15:27:51.738456, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.738575, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.738717, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.738842, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.738959, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.739175, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2012/08/30 15:27:51.741062, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) >[2012/08/30 15:27:51.741250, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.741375, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-545 >[2012/08/30 15:27:51.741498, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.741616, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.741749, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.741873, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.741990, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.742230, 10] passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2012/08/30 15:27:51.742353, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.742472, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.742590, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.742725, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.742842, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.743033, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2012/08/30 15:27:51.745680, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) >[2012/08/30 15:27:51.745856, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.745976, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-545 >[2012/08/30 15:27:51.746120, 5] passdb/pdb_util.c:99(create_builtin_users) > create_builtin_users: Failed to create Users >[2012/08/30 15:27:51.746242, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.746361, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.746478, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.746613, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.746730, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.746846, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.747138, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-1001)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-513)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-512)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-514)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-32-544)))], scope => [2] >[2012/08/30 15:27:51.748732, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.748999, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-21-3266308635-3715972288-3547500332-1001 > Privilege set: 0x10 >[2012/08/30 15:27:51.749191, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-513] >[2012/08/30 15:27:51.749316, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-512] >[2012/08/30 15:27:51.749445, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-514] >[2012/08/30 15:27:51.749570, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-515] >[2012/08/30 15:27:51.749695, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/08/30 15:27:51.749880, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2012/08/30 15:27:51.750005, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2012/08/30 15:27:51.750131, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-32-544 > Privilege set: 0x1ffffff0 >[2012/08/30 15:27:51.750413, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) > wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE >[2012/08/30 15:27:51.750536, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.750655, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.750784, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.750908, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.751025, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.751204, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 1001. >[2012/08/30 15:27:51.751295, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.751413, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.751552, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.751678, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.751795, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.751976, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.752094, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.752211, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.752357, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.752487, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.752678, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.752799, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.752943, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.753061, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.753178, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.753295, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.753490, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.753618, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.753738, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.753860, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.753978, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.754118, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.754253, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/08/30 15:27:51.754372, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.754491, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.754610, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2012/08/30 15:27:51.754733, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.754851, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.754968, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.755085, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.755205, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.755393, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.755567, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.755697, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 >[2012/08/30 15:27:51.755879, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 >[2012/08/30 15:27:51.756016, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.756144, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.756274, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.756394, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.756519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.756648, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) > LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 is a User, expected a group >[2012/08/30 15:27:51.756776, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.756896, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.757013, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.757138, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.757254, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.757448, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 1001. >[2012/08/30 15:27:51.757575, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.757693, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.757814, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.757932, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.758050, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.758252, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.758375, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.758491, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.758609, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.758743, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.758937, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.759057, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.759177, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.759294, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.759428, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.759591, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.759782, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.759909, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.760032, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.760151, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.760425, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.760546, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.760686, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/08/30 15:27:51.760805, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.760923, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.761041, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2012/08/30 15:27:51.761179, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.761316, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.761434, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.761569, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.761695, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.761891, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.762031, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.762153, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 >[2012/08/30 15:27:51.762334, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 >[2012/08/30 15:27:51.762475, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.762613, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.762732, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.762854, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.762976, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.763094, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) > LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 -> uid 10000 >[2012/08/30 15:27:51.763219, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.763356, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.763475, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.763649, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.763774, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.763968, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] >[2012/08/30 15:27:51.766003, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) >[2012/08/30 15:27:51.766187, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.766309, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-1-0 >[2012/08/30 15:27:51.766450, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-1-0 >[2012/08/30 15:27:51.766572, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.766692, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.766810, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.766948, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.767065, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.767256, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2012/08/30 15:27:51.769416, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >[2012/08/30 15:27:51.769593, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.769713, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2012/08/30 15:27:51.769867, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-2 >[2012/08/30 15:27:51.769995, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.770112, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.770230, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.770365, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.770543, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.770735, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] >[2012/08/30 15:27:51.772466, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) >[2012/08/30 15:27:51.772635, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.772755, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-11 >[2012/08/30 15:27:51.772876, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-11 >[2012/08/30 15:27:51.773006, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.773130, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.773248, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.773365, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.773486, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.773676, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2012/08/30 15:27:51.775342, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2012/08/30 15:27:51.775535, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.775688, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.775812, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.775934, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-1-0 to gid, ignoring it >[2012/08/30 15:27:51.776056, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2012/08/30 15:27:51.776174, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-11 to gid, ignoring it >[2012/08/30 15:27:51.776322, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-32-544 to gid, ignoring it >[2012/08/30 15:27:51.776454, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:51.779018, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:51.779537, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) > Got NT session key of length 16 >[2012/08/30 15:27:51.779697, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) > Got LM session key of length 8 >[2012/08/30 15:27:51.779817, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) > ntlmssp_server_auth: Using unmodified nt session key. >[2012/08/30 15:27:51.779941, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) > NTLMSSP Sign/Seal - Initialising with flags: >[2012/08/30 15:27:51.780058, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2012/08/30 15:27:51.780794, 10] smbd/password.c:293(register_existing_vuid) > register_existing_vuid: (10000,513) administrator administrator ACR guest=0 >[2012/08/30 15:27:51.780913, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: administrator Real name: administrator >[2012/08/30 15:27:51.781035, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 10000 is UNIX user administrator, and will be vuid 100 >[2012/08/30 15:27:51.781740, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F333035342F3130 >[2012/08/30 15:27:51.781988, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c008860 >[2012/08/30 15:27:51.782209, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F333035342F3130 >[2012/08/30 15:27:51.782372, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find administrator >[2012/08/30 15:27:51.782581, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.782740, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.782864, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.782983, 3] smbd/password.c:238(register_homes_share) > Adding homes service for user 'administrator' using home directory: '/home/administrator' >[2012/08/30 15:27:51.783343, 8] param/loadparm.c:6480(add_a_service) > add_a_service: Creating snum = 6 for administrator >[2012/08/30 15:27:51.783467, 10] param/loadparm.c:6527(hash_a_service) > hash_a_service: hashing index 6 for service name administrator >[2012/08/30 15:27:51.783700, 3] param/loadparm.c:6582(lp_add_home) > adding home's share [administrator] for user 'administrator' at '/home/%u' >[2012/08/30 15:27:51.783852, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012 > >[2012/08/30 15:27:51.784290, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.784353, 5] lib/util.c:342(show_msg) > size=94 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=65279 > smb_uid=100 > smb_mid=5184 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=51 >[2012/08/30 15:27:51.785361, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [0020] 00 2E 00 36 00 2E 00 37 00 00 00 41 00 43 00 52 ...6...7 ...A.C.R > [0030] 00 00 00 ... >[2012/08/30 15:27:51.787401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 78 >[2012/08/30 15:27:51.787803, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4e >[2012/08/30 15:27:51.787923, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 82 (0 toread) >[2012/08/30 15:27:51.788040, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.788313, 5] lib/util.c:342(show_msg) > size=78 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=5248 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 78 (0x4E) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=35 >[2012/08/30 15:27:51.789327, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 4F 00 52 00 41 00 4E 00 47 00 45 .\.\.O.R .A.N.G.E > [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? > [0020] 3F 3F 00 ??. >[2012/08/30 15:27:51.789599, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 3054) conn 0x0 >[2012/08/30 15:27:51.789719, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.789837, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.789978, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.790167, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:51.790342, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] for share [IPC$] >[2012/08/30 15:27:51.791125, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service ipc$ >[2012/08/30 15:27:51.791319, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:51.791444, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:51.792428, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:51.792564, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.792707, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.792848, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.792969, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.793086, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.794009, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.794212, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.795567, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:51.795800, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.795921, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.796039, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.796161, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.796360, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.796537, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.796914, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:51.798557, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:51.798985, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.799123, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:51.799241, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.799396, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:51.799565, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:51.799700, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:51.799825, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user administrator >[2012/08/30 15:27:51.799984, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.800102, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.800225, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.800348, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/08/30 15:27:51.800469, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2012/08/30 15:27:51.800701, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/08/30 15:27:51.800893, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2012/08/30 15:27:51.801064, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2012/08/30 15:27:51.801318, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2012/08/30 15:27:51.801446, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2012/08/30 15:27:51.801589, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2012/08/30 15:27:51.801709, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2012/08/30 15:27:51.801827, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2012/08/30 15:27:51.801948, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2012/08/30 15:27:51.802158, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2012/08/30 15:27:51.802324, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:27:51.802482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00dcd0 >[2012/08/30 15:27:51.802708, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:27:51.802979, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/08/30 15:27:51.803106, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:51.803229, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:51.803346, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.803575, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.803724, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.803865, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.803982, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.804099, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.804302, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.805583, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:51.805741, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.805864, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.805984, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.806123, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.806243, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.806361, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.806557, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:51.808073, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:51.808234, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.808530, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:51.808784, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.808927, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:51.809065, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:51.809187, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:51.809308, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user administrator >[2012/08/30 15:27:51.809460, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user administrator >[2012/08/30 15:27:51.809597, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/08/30 15:27:51.809756, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.809881, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:51.812574, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:51.812996, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:51.813126, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.813246, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.813364, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.813549, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:51.813676, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/08/30 15:27:51.813831, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp >[2012/08/30 15:27:51.814004, 3] smbd/service.c:1114(make_connection_snum) > panama (192.168.30.50) connect to service IPC$ initially as user administrator (uid=10000, gid=513) (pid 3054) >[2012/08/30 15:27:51.814135, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2012/08/30 15:27:51.817377, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:51.817585, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:51.817705, 3] smbd/process.c:1662(process_smb) > Transaction 4 of length 106 (0 toread) >[2012/08/30 15:27:51.817823, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.817884, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5312 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:51.820572, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:51.820901, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.821026, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.821146, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:51.824355, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:51.824811, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:51.824960, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2012/08/30 15:27:51.825193, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:51.825363, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:51.825513, 5] smbd/files.c:140(file_new) > allocated file structure 13657, fnum = 17753 (1 used) >[2012/08/30 15:27:51.825702, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:51.825956, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:51.826240, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \spoolss >[2012/08/30 15:27:51.826464, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss >[2012/08/30 15:27:51.826610, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:51.826741, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:51.828529, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:51.828860, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:51.829001, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 76 (0 toread) >[2012/08/30 15:27:51.829120, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.829182, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5376 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:51.830895, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 59 45 ED 03 ...YE.. >[2012/08/30 15:27:51.831038, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.831247, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.831468, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:51.831696, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:51.831819, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.831881, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5376 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:51.833525, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... >[2012/08/30 15:27:51.835388, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:51.835584, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:51.835733, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 228 (0 toread) >[2012/08/30 15:27:51.835852, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.835914, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=5440 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17753 (0x4559) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:51.837649, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:51.839316, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.839453, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.839686, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 4559 name: spoolss len: 160 >[2012/08/30 15:27:51.839808, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:51.839928, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:51.840675, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:51.840856, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.841006, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.841129, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.841246, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:51.841389, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.841544, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.841662, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:51.841806, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.842380, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.845946, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:51.846158, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.846301, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:51.846420, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:51.846546, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.846678, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.848774, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:51.848962, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:51.851580, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:51.851759, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:51.851881, 3] smbd/process.c:1662(process_smb) > Transaction 7 of length 63 (0 toread) >[2012/08/30 15:27:51.852009, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.852072, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=5504 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17753 (0x4559) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:51.853578, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:51.853644, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.853783, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.853936, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.854060, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:51.854199, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:51.854335, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:51.854455, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:51.857785, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:51.857947, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:51.858083, 3] smbd/process.c:1662(process_smb) > Transaction 8 of length 296 (0 toread) >[2012/08/30 15:27:51.858207, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.858269, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5568 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17753 (0x4559) > smb_bcc=225 >[2012/08/30 15:27:51.860390, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:51.861682, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.861857, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.862040, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:51.862299, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.862418, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.862580, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.863446, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4559) >[2012/08/30 15:27:51.863631, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:51.863755, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:51.863875, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:51.863993, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:51.864113, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.864232, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.864349, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:51.864470, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:51.864590, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.864738, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:51.864870, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:51.864997, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.865122, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:51.867443, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:51.867624, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:51.867771, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:51.867905, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:51.868065, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:51.868316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:51.871428, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:51.871620, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.871903, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:51.872132, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:51.872379, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) >[2012/08/30 15:27:51.872616, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:51 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:51.872859, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:51.873003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.873198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.873428, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:51.873584, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:51.877534, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:51.877717, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:51.878243, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.878368, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.878493, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.878616, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.878739, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.878857, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.879070, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.880348, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:51.880537, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.880660, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.880801, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.880920, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.881038, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.881158, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.881348, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:51.883872, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:51.884069, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.884196, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:51.884316, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.884465, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:51.884584, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:51.884705, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:51.884870, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:51.885024, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:51.885234, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:51.885387, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:51.885507, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:51.885647, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:51.886113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:51.887050, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:51.887239, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:51.887428, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:51.887620, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:51.887749, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.887866, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:51.888172, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:51.888370, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:51.888547, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.888746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.889455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-3f50-b7beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:51.891313, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.891569, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:51.891699, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:51.891820, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:51.891940, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:51.892058, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.892338, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:51.892565, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:51.892737, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:51.892856, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:51.892976, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.893095, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.894129, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.894253, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.894420, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.894559, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:51.894681, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:51.894802, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.894919, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.895054, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.895171, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.895304, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.895436, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:51.895919, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:51.896066, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:51.896226, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:51.896352, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.896471, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:51.896668, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:51.896788, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:51.896929, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:51.897083, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:51.897203, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.897319, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:51.897459, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:51.897578, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:51.897699, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.897816, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.897950, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.898068, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.898204, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.898338, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:51.898460, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:51.898581, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.898699, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.898818, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.898946, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.899090, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.899254, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:51.899378, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:51.899540, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:51.899669, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:51.899787, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:51.899908, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:51.900032, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:51.900161, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.900360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.900934, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:51.901131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:51.901614, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.901813, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.902026, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:51.902148, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:51.902268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:51.902772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:51.903222, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.903422, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.903618, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:51.903741, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:51.903859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:51.904504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.904989, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:51.905114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:51.905270, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.905407, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:51.905555, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:51.907105, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:51.907226, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:51.907355, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:51.907482, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:51.908427, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.908489, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5568 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:51.910034, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 11 00 00 ........ ........ > [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:51.912698, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:51.913134, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:51.913275, 3] smbd/process.c:1662(process_smb) > Transaction 9 of length 106 (0 toread) >[2012/08/30 15:27:51.913401, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.913464, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5632 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:51.915684, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:51.915896, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.916017, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.916140, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:51.916265, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:51.916407, 5] smbd/files.c:140(file_new) > allocated file structure 13658, fnum = 17754 (2 used) >[2012/08/30 15:27:51.916532, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:51.916803, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:51.916949, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/08/30 15:27:51.917103, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:51.917225, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:51.918521, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:51.918692, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:51.918844, 3] smbd/process.c:1662(process_smb) > Transaction 10 of length 228 (0 toread) >[2012/08/30 15:27:51.918966, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.919028, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=5696 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17754 (0x455A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:51.920826, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:51.922070, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.922195, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.922329, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455a name: spoolss len: 160 >[2012/08/30 15:27:51.922449, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:51.922568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:51.922685, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:51.922805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.922947, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.923071, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.923188, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:51.923310, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.923427, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.923691, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:51.923816, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.923978, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.928520, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:51.928650, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.928926, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:51.929061, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:51.929182, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.929313, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.931221, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:51.931360, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:51.932213, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:51.932361, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:51.932500, 3] smbd/process.c:1662(process_smb) > Transaction 11 of length 63 (0 toread) >[2012/08/30 15:27:51.932619, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.932681, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=5760 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17754 (0x455A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:51.935329, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:51.935413, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.935601, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.935726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.935865, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:51.935985, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:51.936112, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:51.936231, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:51.937054, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 276 >[2012/08/30 15:27:51.937198, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x114 >[2012/08/30 15:27:51.937335, 3] smbd/process.c:1662(process_smb) > Transaction 12 of length 280 (0 toread) >[2012/08/30 15:27:51.937452, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.937549, 5] lib/util.c:342(show_msg) > size=276 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5824 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 192 (0xC0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 192 (0xC0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17754 (0x455A) > smb_bcc=209 >[2012/08/30 15:27:51.939290, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........ > [0020] 00 A8 00 00 00 00 00 45 00 00 00 02 00 09 00 00 .......E ........ > [0030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 00 00 00 00 00 00 00 .a.n.g.e ........ > [0050] 00 00 00 00 00 00 00 00 00 02 00 02 00 01 00 00 ........ ........ > [0060] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0070] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0080] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0090] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00A0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00B0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00C0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00D0] 00 . >[2012/08/30 15:27:51.940365, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.940516, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.940818, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=192 params=0 setup=2 >[2012/08/30 15:27:51.940939, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.941110, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.941228, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.941348, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455a) >[2012/08/30 15:27:51.941467, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 >[2012/08/30 15:27:51.941585, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 192 >[2012/08/30 15:27:51.941703, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:51.943273, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:51.943400, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.943562, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.943704, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 176 >[2012/08/30 15:27:51.943828, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 >[2012/08/30 15:27:51.943948, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.944066, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 176 >[2012/08/30 15:27:51.944196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 >[2012/08/30 15:27:51.944320, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.944445, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00c0 (192) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000a8 (168) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=168 > [0000] 00 00 02 00 09 00 00 00 00 00 00 00 09 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 02 00 02 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0040] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0050] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0060] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0070] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0080] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [0090] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00A0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:51.946781, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:51.946908, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:51.947030, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:51.947173, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:51.947295, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:51.947422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00020002 (131074) > 0: SERVER_ACCESS_ADMINISTER > 1: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange >[2012/08/30 15:27:51.949314, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange] >[2012/08/30 15:27:51.949442, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.949680, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange > Printer is a print server >[2012/08/30 15:27:51.949856, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange (len=8) >[2012/08/30 15:27:51.949979, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 2 printer handles active >[2012/08/30 15:27:51.950139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.950337, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) > Setting print server access = SERVER_ACCESS_ENUMERATE >[2012/08/30 15:27:51.950455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.950972, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:51.951114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 176 >[2012/08/30 15:27:51.951247, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.951365, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:51.951493, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:51.953569, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:51.953700, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:51.953820, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:51.953939, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.954004, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5824 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:51.955346, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 14 00 00 ........ ........ > [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:51.956414, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 164 >[2012/08/30 15:27:51.956560, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/08/30 15:27:51.956702, 3] smbd/process.c:1662(process_smb) > Transaction 13 of length 168 (0 toread) >[2012/08/30 15:27:51.956820, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.956885, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5888 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17754 (0x455A) > smb_bcc=97 >[2012/08/30 15:27:51.958728, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 03 00 00 ........ .P...... > [0020] 00 38 00 00 00 00 00 1A 00 00 00 00 00 14 00 00 .8...... ........ > [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 0A 00 00 .....?P. ........ > [0040] 00 00 00 00 00 0A 00 00 00 4F 00 53 00 56 00 65 ........ .O.S.V.e > [0050] 00 72 00 73 00 69 00 6F 00 6E 00 00 00 1C 01 00 .r.s.i.o .n...... > [0060] 00 . >[2012/08/30 15:27:51.959296, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.959435, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.959629, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/08/30 15:27:51.959752, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.959871, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.959988, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.960106, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455a) >[2012/08/30 15:27:51.960224, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 >[2012/08/30 15:27:51.960357, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/08/30 15:27:51.960496, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 80 >[2012/08/30 15:27:51.960635, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 80 >[2012/08/30 15:27:51.960755, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.960876, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.961102, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2012/08/30 15:27:51.961221, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 64 >[2012/08/30 15:27:51.961358, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.961475, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2012/08/30 15:27:51.961597, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 64, incoming data = 64 >[2012/08/30 15:27:51.961717, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.961845, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0050 (80) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000038 (56) > context_id : 0x0000 (0) > opnum : 0x001a (26) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=56 > [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ > [0020] 4F 00 53 00 56 00 65 00 72 00 73 00 69 00 6F 00 O.S.V.e. r.s.i.o. > [0030] 6E 00 00 00 1C 01 00 00 n....... >[2012/08/30 15:27:51.963566, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:51.963765, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:51.963887, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:51.964011, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA >[2012/08/30 15:27:51.964141, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7fd50aed07e0 >[2012/08/30 15:27:51.964502, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterData: struct spoolss_GetPrinterData > in: struct spoolss_GetPrinterData > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-3f50-b7beee0b0000 > value_name : 'OSVersion' > offered : 0x0000011c (284) >[2012/08/30 15:27:51.965139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.965361, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx >[2012/08/30 15:27:51.965507, 10] rpc_server/spoolss/srv_spoolss_nt.c:9194(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx: key => [PrinterDriverData], value => [OSVersion] >[2012/08/30 15:27:51.965626, 8] rpc_server/spoolss/srv_spoolss_nt.c:2305(getprinterdata_printer_server) > getprinterdata_printer_server:OSVersion >[2012/08/30 15:27:51.965836, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterData: struct spoolss_GetPrinterData > out: struct spoolss_GetPrinterData > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(284) > [0] : 0x14 (20) > [1] : 0x01 (1) > [2] : 0x00 (0) > [3] : 0x00 (0) > [4] : 0x05 (5) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x93 (147) > [13] : 0x08 (8) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x02 (2) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x00 (0) > [33] : 0x00 (0) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x00 (0) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > [54] : 0x00 (0) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x00 (0) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x00 (0) > [69] : 0x00 (0) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x00 (0) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x00 (0) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x00 (0) > [88] : 0x00 (0) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x00 (0) > [101] : 0x00 (0) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x00 (0) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x00 (0) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x00 (0) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x00 (0) > [221] : 0x00 (0) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x00 (0) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > needed : * > needed : 0x00000114 (276) > result : WERR_OK >[2012/08/30 15:27:51.985136, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:51.985270, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 64 >[2012/08/30 15:27:51.985404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.985525, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 300. >[2012/08/30 15:27:51.985650, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0144 (324) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000012c (300) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=300 > [0000] 03 00 00 00 1C 01 00 00 14 01 00 00 05 00 00 00 ........ ........ > [0010] 00 00 00 00 93 08 00 00 02 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 14 01 00 00 00 00 00 00 ........ .... >[2012/08/30 15:27:51.988364, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2077 >[2012/08/30 15:27:51.988668, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 324 bytes. There is no more data outstanding >[2012/08/30 15:27:51.988788, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..324] (align 0) >[2012/08/30 15:27:51.988908, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.988994, 5] lib/util.c:342(show_msg) > size=380 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5888 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 324 (0x144) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 324 (0x144) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=325 >[2012/08/30 15:27:51.990373, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 44 01 00 00 03 00 00 ........ .D...... > [0010] 00 2C 01 00 00 00 00 00 00 03 00 00 00 1C 01 00 .,...... ........ > [0020] 00 14 01 00 00 05 00 00 00 00 00 00 00 93 08 00 ........ ........ > [0030] 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 14 01 00 ........ ........ > [0140] 00 00 00 00 00 ..... >[2012/08/30 15:27:51.992594, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:51.992739, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:51.992861, 3] smbd/process.c:1662(process_smb) > Transaction 14 of length 132 (0 toread) >[2012/08/30 15:27:51.992979, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.993045, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5952 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17754 (0x455A) > smb_bcc=61 >[2012/08/30 15:27:51.995912, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 14 00 00 ........ ........ > [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:51.996255, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.996394, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.996530, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:51.996651, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.996788, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.996907, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.997025, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455a) >[2012/08/30 15:27:51.997144, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 >[2012/08/30 15:27:51.997265, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:51.997385, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:51.997502, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:51.997631, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.997757, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.997874, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:51.997991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:51.998109, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.998245, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:51.998368, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:51.998486, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.998608, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.000161, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.000296, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.000576, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.000697, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:52.000821, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:52.000966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:52.001453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.001649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.001860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.002054, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.002173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.002661, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.002783, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:52.002911, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.003030, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.003154, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.004601, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.004730, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:52.004881, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.005000, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.005061, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5952 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.006411, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:52.007396, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:52.007555, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:52.007687, 3] smbd/process.c:1662(process_smb) > Transaction 15 of length 45 (0 toread) >[2012/08/30 15:27:52.007804, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.007866, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6016 > smt_wct=3 > smb_vwv[ 0]=17754 (0x455A) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:52.008835, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.008899, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.009018, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.009155, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17754 (numopen=2) >[2012/08/30 15:27:52.009324, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:52.009649, 5] smbd/files.c:482(file_free) > freed files structure 17754 (1 used) >[2012/08/30 15:27:52.009793, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.009855, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6016 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:52.010657, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.011282, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:52.011418, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:52.011555, 3] smbd/process.c:1662(process_smb) > Transaction 16 of length 132 (0 toread) >[2012/08/30 15:27:52.011685, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.011747, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6080 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17753 (0x4559) > smb_bcc=61 >[2012/08/30 15:27:52.013784, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 11 00 00 ........ ........ > [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:52.014175, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.014295, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.014420, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:52.014558, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.014676, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.014794, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.014912, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4559) >[2012/08/30 15:27:52.015048, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.015166, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:52.015285, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:52.015402, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:52.015590, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.015708, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.015825, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.015942, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:52.016078, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.016195, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.016350, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:52.016473, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.016596, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.018099, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.018216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.018351, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.018488, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:52.018608, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:52.018727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:52.019155, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.019350, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.019608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.019819, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.019953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.020471, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.020598, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:52.020726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.020856, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.020986, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.022370, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.022511, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:52.022630, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.022749, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.022812, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6080 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.024351, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:52.025343, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:52.025481, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:52.025600, 3] smbd/process.c:1662(process_smb) > Transaction 17 of length 45 (0 toread) >[2012/08/30 15:27:52.025718, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.025780, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6144 > smt_wct=3 > smb_vwv[ 0]=17753 (0x4559) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:52.026742, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.026806, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.026928, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.027047, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17753 (numopen=1) >[2012/08/30 15:27:52.027166, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:52.027300, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \spoolss >[2012/08/30 15:27:52.027443, 5] smbd/files.c:482(file_free) > freed files structure 17753 (0 used) >[2012/08/30 15:27:52.027615, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.027678, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6144 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:52.028841, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.030334, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:52.030490, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:52.030610, 3] smbd/process.c:1662(process_smb) > Transaction 18 of length 106 (0 toread) >[2012/08/30 15:27:52.030728, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.030802, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6208 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:52.033005, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:52.033202, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.033445, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.033612, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:52.033739, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:52.033861, 5] smbd/files.c:140(file_new) > allocated file structure 13659, fnum = 17755 (1 used) >[2012/08/30 15:27:52.033984, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:52.034107, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:52.034248, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \spoolss >[2012/08/30 15:27:52.034367, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss >[2012/08/30 15:27:52.034493, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:52.034616, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:52.035366, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:52.035554, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:52.035701, 3] smbd/process.c:1662(process_smb) > Transaction 19 of length 76 (0 toread) >[2012/08/30 15:27:52.035819, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.035880, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6272 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:52.037804, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 5B 45 ED 03 ...[E.. >[2012/08/30 15:27:52.037935, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.038055, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.038197, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:52.038317, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:52.038436, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.038507, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6272 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:52.040716, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... >[2012/08/30 15:27:52.041664, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:52.041801, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:52.041941, 3] smbd/process.c:1662(process_smb) > Transaction 20 of length 228 (0 toread) >[2012/08/30 15:27:52.042059, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.042121, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6336 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17755 (0x455B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:52.044326, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:52.045180, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.045302, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.045422, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455b name: spoolss len: 160 >[2012/08/30 15:27:52.045542, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:52.045662, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:52.045783, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:52.045902, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.046021, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.046138, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.046258, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:52.046376, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.046505, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.046621, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:52.046757, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.046882, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.050193, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:52.050317, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.050436, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:52.050553, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:52.050673, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.050809, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.052751, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:52.052880, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:52.053656, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:52.053812, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:52.053931, 3] smbd/process.c:1662(process_smb) > Transaction 21 of length 63 (0 toread) >[2012/08/30 15:27:52.054048, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.054110, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6400 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17755 (0x455B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:52.055725, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.055800, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.055926, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.056048, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.056185, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:52.056305, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.056430, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:52.056574, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:52.057122, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:52.057254, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:52.057373, 3] smbd/process.c:1662(process_smb) > Transaction 22 of length 296 (0 toread) >[2012/08/30 15:27:52.057499, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.057564, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6464 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=225 >[2012/08/30 15:27:52.059289, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:52.060395, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.060666, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.060791, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:52.060934, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.061052, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.061188, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.061306, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.061425, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.061544, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:52.061681, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:52.061798, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:52.061916, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.062035, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.062169, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.062286, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:52.062405, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.062522, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.062642, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:52.062768, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.062890, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:52.065183, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.065301, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.065422, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.065545, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:52.065665, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:52.065787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:52.067612, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:52.067736, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.067949, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:52.068122, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:52.068320, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:52.068598, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:52.068752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.068964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.069158, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.069282, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:52.072869, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:52.073040, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:52.073160, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.073297, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.073420, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.073538, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.073658, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.073778, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.073979, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:52.075196, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:52.075379, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.075567, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.075703, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.075821, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.075954, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.076073, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.076266, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:52.077978, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:52.078139, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.078265, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:52.078383, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.078510, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:52.078650, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:52.078770, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:52.078891, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:52.079012, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:52.079150, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.079274, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.079392, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.079574, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.079715, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.080503, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.080649, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.080770, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.080887, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.081024, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.081144, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.081303, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.081436, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.081570, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.081781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.082289, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.083926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.084144, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.084265, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.084387, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.084684, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.084811, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.084929, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.085113, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.085247, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.085367, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.085487, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.085621, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.085739, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.085856, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.085991, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.086142, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.086273, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.086395, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.086514, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.086638, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.086756, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.086897, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.087032, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.087175, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.087297, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.087416, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.087570, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.087702, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.087856, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.087981, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.088103, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.088221, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.088342, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.088464, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.088651, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.088772, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.088893, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089015, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089134, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.089251, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089388, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089526, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.089645, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.089765, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.089892, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.090014, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.090130, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.090268, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.090404, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.090528, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.090647, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.090767, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.090886, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.091046, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.091165, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.091287, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.091561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.092075, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:52.092205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.092657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.092890, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.093089, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.093207, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.093325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.094903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.095336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.095710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.095918, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.096036, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.096153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.096783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.097259, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.097386, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:52.097515, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.097634, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.097759, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.099160, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:52.099281, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.099411, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:52.099557, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.099686, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.099748, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6464 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.101157, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 15 00 00 ........ ........ > [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:52.103317, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 140 >[2012/08/30 15:27:52.103578, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8c >[2012/08/30 15:27:52.103711, 3] smbd/process.c:1662(process_smb) > Transaction 23 of length 144 (0 toread) >[2012/08/30 15:27:52.103830, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.103891, 5] lib/util.c:342(show_msg) > size=140 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6528 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 56 (0x38) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=73 >[2012/08/30 15:27:52.105613, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... > [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 15 00 00 . ...... ........ > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 00 00 00 00 00 00 ........ . >[2012/08/30 15:27:52.106019, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.106149, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.106280, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=56 params=0 setup=2 >[2012/08/30 15:27:52.106400, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.106516, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.106636, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.106756, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.106876, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.106995, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 56 >[2012/08/30 15:27:52.107114, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2012/08/30 15:27:52.107249, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 >[2012/08/30 15:27:52.107367, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.107485, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.107615, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.107732, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 >[2012/08/30 15:27:52.107850, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.107967, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.108101, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 >[2012/08/30 15:27:52.108366, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.108489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0038 (56) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000020 (32) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=32 > [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.110088, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.110216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.110335, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.110456, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.110576, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.110757, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : NULL > offered : 0x00000000 (0) >[2012/08/30 15:27:52.111542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.111774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.111968, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.112112, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.112247, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.112405, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.112531, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.112709, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.113490, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.113633, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.113756, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.113873, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.113992, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.114127, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.114273, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.114842, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.114969, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.115187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.115753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.117425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.117639, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.117760, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.117883, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.118004, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.118123, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.118239, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.118386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.118523, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.118641, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.118761, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.118877, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.118998, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.119114, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.119247, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.119378, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.119562, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.119692, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.119808, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.119929, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.120045, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.120325, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.120458, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.120595, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.120716, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.120833, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.120951, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.121086, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.121228, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.121356, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.121494, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.121614, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.121734, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.121855, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.122014, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.122134, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.122255, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122372, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122507, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.122624, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122759, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122893, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.123015, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.123135, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123253, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123371, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.123489, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123768, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123924, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.124046, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.124198, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.124319, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.124488, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.124613, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.124731, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.124851, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.125057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.125621, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.126357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.126579, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.126722, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.126867, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.126989, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.127109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.127229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.127479, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.127743, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.127888, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.128022, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.128143, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.128265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.128384, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.128504, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.128624, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.128761, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.128881, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.129003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.129134, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.129259, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.129383, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.129532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.131228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.132801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.133001, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.133160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.135563, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.136914, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.137111, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.137233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.138766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.140095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.140290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.140410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.141822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.143114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.143312, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.143456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.147102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.148486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.148743, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.148908, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.151063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.152397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.152597, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.152730, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.154861, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.156812, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.157016, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.157139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.158519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.159910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.160109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.160234, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.177586, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.178905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.179109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.179238, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.181637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.183001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.183205, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.183334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.186011, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.187311, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.187561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.187696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.189063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.190361, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.190566, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.190689, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.193528, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.195455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.195781, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.195989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.198135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.199452, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.199708, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.199834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.201038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.202375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.202574, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.202698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.203944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.205396, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.205623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.205747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.206949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.208253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.208485, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.208610, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.209950, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.211397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.211619, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.211744, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.213312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.216732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.216942, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.217088, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.217212, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.217366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.218059, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.218812, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.218932, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.219052, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.219185, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.219303, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.219418, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.219556, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.219699, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.219822, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.220017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.221178, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.227264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.227471, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.227613, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.227857, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.227983, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.228104, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.228222, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.228373, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.228679, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.228801, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.228925, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229064, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229183, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.229300, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229436, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229571, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.229694, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.230746, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.230872, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.230994, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.231112, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.231260, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.231440, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.231622, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.231747, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.231865, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.232005, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.232123, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.232274, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.232395, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.232517, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.232676, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.232799, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.232916, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.233057, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.233177, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.233298, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233416, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233552, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.233669, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233807, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233943, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.234062, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.234183, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234304, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234422, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.234539, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234677, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234842, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.234973, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.235108, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.235227, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.235345, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.235556, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.235685, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.235824, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.236136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.236737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.237992, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.238194, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.238315, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.238434, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.238555, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.238699, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.238823, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.238947, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.239078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.239198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.239319, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.239438, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.239625, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.239746, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.239865, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.239984, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.240105, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.240224, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.240344, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.240645, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.240765, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.240885, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.241004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.241124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.241802, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.243064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.243271, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.243392, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.243560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.259952, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.260388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.260611, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.260805, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.260936, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.261055, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.265435, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.265858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.266055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.266250, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.266370, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.266490, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.267003, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.267425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.267625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.267822, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.267947, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.268067, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.268614, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.269085, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.269283, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.269478, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.269597, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.269760, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.270365, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.270523, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.270642, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.270760, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.270913, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.271174, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.271447, 4] printing/printing.c:1316(print_cache_expired) > print_cache_expired: cache expired for queue HP_4515 (last_qscan_time = 1346354404, time now = 1346354872, qcachetime = 30) >[2012/08/30 15:27:52.271712, 10] printing/printing.c:1844(print_queue_update) > print_queue_update: Sending message -> printer = HP_4515, type = 8, lpq command = [HP_4515] lprm command = [] >[2012/08/30 15:27:52.271956, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/30 15:27:52.272084, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_UPDATE (517) > dest: struct server_id > pid : 0x00000ba3 (2979) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > src: struct server_id > pid : 0x00000bee (3054) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > buf : DATA_BLOB length=21 > [0000] 48 50 5F 34 35 31 35 00 08 00 00 00 48 50 5F 34 HP_4515. ....HP_4 > [0010] 35 31 35 00 00 515.. >[2012/08/30 15:27:52.278031, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : NULL > needed : * > needed : 0x00000308 (776) > result : WERR_INSUFFICIENT_BUFFER >[2012/08/30 15:27:52.278535, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.278672, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 40 >[2012/08/30 15:27:52.278833, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.278957, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. >[2012/08/30 15:27:52.279081, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=12 > [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... >[2012/08/30 15:27:52.280446, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:52.280580, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.280714, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 36 bytes. There is no more data outstanding >[2012/08/30 15:27:52.280837, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/08/30 15:27:52.280957, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.281019, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6528 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/08/30 15:27:52.282396, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... > [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ > [0020] 00 7A 00 00 00 .z... >[2012/08/30 15:27:52.302997, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 1392 >[2012/08/30 15:27:52.303202, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x570 >[2012/08/30 15:27:52.303322, 3] smbd/process.c:1662(process_smb) > Transaction 24 of length 1396 (0 toread) >[2012/08/30 15:27:52.303455, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.303560, 5] lib/util.c:342(show_msg) > size=1392 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6592 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1308 (0x51C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1308 (0x51C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=1325 >[2012/08/30 15:27:52.305303, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 1C 05 00 00 04 00 00 ........ ........ > [0020] 00 04 05 00 00 00 00 08 00 00 00 00 00 15 00 00 ........ ........ > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 02 00 E0 04 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.307626, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.307752, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.307880, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=1308 params=0 setup=2 >[2012/08/30 15:27:52.308002, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.308138, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.308256, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.308373, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.308516, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.308636, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 1308 >[2012/08/30 15:27:52.308755, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1308 >[2012/08/30 15:27:52.309044, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 >[2012/08/30 15:27:52.309171, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.309290, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.309417, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.309584, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 >[2012/08/30 15:27:52.309741, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.309929, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.310055, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 >[2012/08/30 15:27:52.310193, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.310320, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x051c (1308) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000504 (1284) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1284 > [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 02 00 E0 04 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] E0 04 00 00 .... >[2012/08/30 15:27:52.319201, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.319350, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.319472, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.319617, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.319754, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.319876, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=1248 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x000004e0 (1248) >[2012/08/30 15:27:52.328678, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.328906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.329101, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.329275, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.329402, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.329646, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.329802, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.329944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.330757, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.330881, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.331001, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.331122, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.331241, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.331358, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.331510, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.331656, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.331778, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.331994, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.332538, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.334114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.334336, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.334457, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.334578, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.334695, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.334814, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.334933, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.335079, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.335212, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.335330, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.335452, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.335618, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.335736, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.335863, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.336148, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.336280, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.336397, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.336519, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.336635, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.336753, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.336868, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.337003, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.337134, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.337252, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.337364, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.337565, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.337682, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.337797, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.337965, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.338085, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.338205, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.338322, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.338443, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.338559, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.338694, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.338812, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.338936, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.339053, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.339170, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.339286, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.339423, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.340776, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.340913, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.341060, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341177, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341296, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.341413, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341741, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.341865, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.342005, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.342125, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.342244, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.342390, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.342534, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.342654, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.342862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.343363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.344158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.344359, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.344615, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.344760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.344883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.345002, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.345121, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.345240, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.345361, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.345480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.345599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.345719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.345855, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.345974, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.346093, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.346212, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.346335, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.346454, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.346581, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.346701, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.346824, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.346948, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.347088, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.348783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.350570, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.350818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.350982, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.352382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.353776, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.353974, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.354114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.355705, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.357063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.357258, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.357382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.358772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.360090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.360450, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.360583, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.363974, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.365353, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.365613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.365737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.367822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.369158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.369387, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.369518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.371927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.373502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.373709, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.373837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.375162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.376517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.376714, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.376837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.394201, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.395629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.396017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.396145, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.398261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.400387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.400615, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.400746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.402051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.403312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.403553, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.403683, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.405052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.406351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.406544, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.406667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.409606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.410913, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.411216, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.411348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.413458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.414748, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.414958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.415080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.416360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.417650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.417848, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.417970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.419173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.420669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.420873, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.420995, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.422186, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.423476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.423683, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.423805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.425132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.426435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.426629, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.426750, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.428114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.429546, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.429760, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.429879, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.429999, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.430117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.430819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.431672, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.431792, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.431913, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.432029, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.432298, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.432413, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.432555, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.432687, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.432826, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.433020, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.433517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.435049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.435262, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.435380, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.435559, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.435697, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.435814, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.435930, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.436084, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.436252, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.436370, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.436508, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.436628, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.436746, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.436862, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.436996, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.437145, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.437263, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.437383, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.437502, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.437620, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.437800, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.437962, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.438094, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.438214, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.438334, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.438454, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.438572, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.438688, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.438830, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.438967, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.439088, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.439205, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.439324, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.439444, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.439632, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.439752, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.439876, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.439994, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.440139, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.440255, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.440395, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.440531, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.440650, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.440771, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.440891, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.441010, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.441126, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.441265, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.441410, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.441531, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.441650, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.441771, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.441889, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.442007, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.442125, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.442246, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.442441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.442933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.444327, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.444555, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.444674, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.444809, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.444929, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.445067, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.445189, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.445329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.445458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.445579, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.445719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.445842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.445964, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.446085, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.446209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.446330, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.446452, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.446573, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.446697, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.446817, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.446939, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.447060, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.447184, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.447309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.448056, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.449579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.449790, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.449911, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.450052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.466917, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.467347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.467581, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.467809, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.467932, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.468053, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.468721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.469169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.469364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.469575, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.469699, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.469937, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.470521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.470999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.471201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.471395, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.471635, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.471756, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.472251, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.472710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.472942, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.473137, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.473256, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.473377, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.473921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\orange' > printername : * > printername : '\\orange\HP_4515' > sharename : * > sharename : 'HP_4515' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : 'HP_4515' > comment : * > comment : 'cups printer' > location : * > location : '' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\orange\HP_4515' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000308 (776) > result : WERR_OK >[2012/08/30 15:27:52.491717, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.491855, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 1292 >[2012/08/30 15:27:52.492174, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.492298, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1264. >[2012/08/30 15:27:52.492423, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0508 (1288) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000004f0 (1264) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1264 > [0000] 04 00 02 00 E0 04 00 00 CE 04 00 00 AC 04 00 00 ........ ........ > [0010] 9C 04 00 00 76 04 00 00 66 04 00 00 4C 04 00 00 ....v... f...L... > [0020] 4A 04 00 00 50 03 00 00 48 04 00 00 36 04 00 00 J...P... H...6... > [0030] 2E 04 00 00 2C 04 00 00 58 02 00 00 48 10 00 00 ....,... X...H... > [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 01 00 04 80 D8 00 00 00 E8 00 00 00 00 00 00 00 ........ ........ > [0270] 14 00 00 00 02 00 C4 00 07 00 00 00 00 02 14 00 ........ ........ > [0280] 08 00 02 20 01 01 00 00 00 00 00 01 00 00 00 00 ... .... ........ > [0290] 00 09 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ > [02A0] 15 00 00 00 1B EA AF C2 C0 3C 7D DD 2C 8F 72 D3 ........ .<}.,.r. > [02B0] 00 02 00 00 00 02 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ > [02C0] 00 00 00 05 15 00 00 00 1B EA AF C2 C0 3C 7D DD ........ .....<}. > [02D0] 2C 8F 72 D3 00 02 00 00 00 09 18 00 0C 00 0F 10 ,.r..... ........ > [02E0] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... > [02F0] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0300] 20 00 00 00 20 02 00 00 00 09 18 00 0C 00 0F 10 ... ... ........ > [0310] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... > [0320] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0330] 20 00 00 00 26 02 00 00 01 02 00 00 00 00 00 05 ...&... ........ > [0340] 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 ... ... ........ > [0350] 20 00 00 00 20 02 00 00 5C 00 5C 00 6F 00 72 00 ... ... \.\.o.r. > [0360] 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F 00 a.n.g.e. \.H.P._. > [0370] 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 00 4.5.1.5. ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 01 04 00 04 DC 00 00 00 ........ ........ > [03A0] 13 47 01 00 01 00 01 00 00 00 00 00 64 00 01 00 .G...... ....d... > [03B0] 0F 00 FC FF 01 00 01 00 00 00 03 00 00 00 4C 00 ........ ......L. > [03C0] 65 00 74 00 74 00 65 00 72 00 00 00 00 00 00 00 e.t.t.e. r....... > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 52 00 41 00 57 00 00 00 77 00 ......R. A.W...w. > [0440] 69 00 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 i.n.p.r. i.n.t... > [0450] 00 00 00 00 63 00 75 00 70 00 73 00 20 00 70 00 ....c.u. p.s. .p. > [0460] 72 00 69 00 6E 00 74 00 65 00 72 00 00 00 48 00 r.i.n.t. e.r...H. > [0470] 50 00 5F 00 34 00 35 00 31 00 35 00 00 00 53 00 P._.4.5. 1.5...S. > [0480] 61 00 6D 00 62 00 61 00 20 00 50 00 72 00 69 00 a.m.b.a. .P.r.i. > [0490] 6E 00 74 00 65 00 72 00 20 00 50 00 6F 00 72 00 n.t.e.r. .P.o.r. > [04A0] 74 00 00 00 48 00 50 00 5F 00 34 00 35 00 31 00 t...H.P. _.4.5.1. > [04B0] 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 5...\.\. o.r.a.n. > [04C0] 67 00 65 00 5C 00 48 00 50 00 5F 00 34 00 35 00 g.e.\.H. P._.4.5. > [04D0] 31 00 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 1.5...\. \.o.r.a. > [04E0] 6E 00 67 00 65 00 00 00 08 03 00 00 00 00 00 00 n.g.e... ........ >[2012/08/30 15:27:52.499785, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:52.499925, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:52.500052, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:52.500171, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:52.500364, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.500427, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6592 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:52.501785, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 08 05 00 00 04 00 00 ........ ........ > [0010] 00 F0 04 00 00 00 00 00 00 04 00 02 00 E0 04 00 ........ ........ > [0020] 00 CE 04 00 00 AC 04 00 00 9C 04 00 00 76 04 00 ........ .....v.. > [0030] 00 66 04 00 00 4C 04 00 00 4A 04 00 00 50 03 00 .f...L.. .J...P.. > [0040] 00 48 04 00 00 36 04 00 00 2E 04 00 00 2C 04 00 .H...6.. .....,.. > [0050] 00 58 02 00 00 48 10 00 00 01 00 00 00 01 00 00 .X...H.. ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.506085, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:52.506374, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:52.506504, 3] smbd/process.c:1662(process_smb) > Transaction 25 of length 63 (0 toread) >[2012/08/30 15:27:52.506627, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.506689, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6656 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17755 (0x455B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 264 (0x108) > smb_vwv[ 6]= 264 (0x108) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 264 (0x108) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:52.508853, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.508936, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.509063, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.509187, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 264 >[2012/08/30 15:27:52.509309, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 1288, current_pdu_sent = 1024 returning 264 bytes. >[2012/08/30 15:27:52.509456, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:52.509587, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.509844, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 264 bytes. There is more data outstanding >[2012/08/30 15:27:52.510060, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=264 max=264 nread=264 >[2012/08/30 15:27:52.520165, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:52.520374, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:52.520493, 3] smbd/process.c:1662(process_smb) > Transaction 26 of length 132 (0 toread) >[2012/08/30 15:27:52.520610, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.520674, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6720 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1288 (0x508) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=61 >[2012/08/30 15:27:52.522372, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 15 00 00 ........ ........ > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:52.522753, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.522872, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.522997, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:52.523134, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.523249, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.523365, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.523482, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.523647, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1288 >[2012/08/30 15:27:52.523765, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:52.523896, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:52.524031, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:52.524184, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.524302, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.524419, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.524537, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:52.524655, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.524771, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.524887, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:52.525022, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.525151, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.526669, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.526793, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.527063, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.527187, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:52.527307, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:52.527431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.528916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.529116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.529316, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.529509, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.529649, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.530142, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.530272, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:52.530404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1288 >[2012/08/30 15:27:52.530524, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.530776, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.532386, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.532573, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:52.532703, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.532844, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.532906, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6720 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.534270, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:52.534726, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:52.534851, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:52.534997, 3] smbd/process.c:1662(process_smb) > Transaction 27 of length 106 (0 toread) >[2012/08/30 15:27:52.535115, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.535175, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6785 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:52.537388, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:52.537584, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.537702, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.537842, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:52.537958, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:52.538140, 5] smbd/files.c:140(file_new) > allocated file structure 13660, fnum = 17756 (2 used) >[2012/08/30 15:27:52.538280, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:52.538403, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:52.538527, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/08/30 15:27:52.538687, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:52.538808, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:52.539585, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:52.539741, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:52.539868, 3] smbd/process.c:1662(process_smb) > Transaction 28 of length 45 (0 toread) >[2012/08/30 15:27:52.539985, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.540046, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6849 > smt_wct=3 > smb_vwv[ 0]=17755 (0x455B) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:52.541197, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.541267, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.541385, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.541503, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17755 (numopen=2) >[2012/08/30 15:27:52.541621, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:52.541762, 5] smbd/files.c:482(file_free) > freed files structure 17755 (1 used) >[2012/08/30 15:27:52.541881, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.541944, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6849 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:52.542730, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.543297, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:52.543428, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:52.543618, 3] smbd/process.c:1662(process_smb) > Transaction 29 of length 228 (0 toread) >[2012/08/30 15:27:52.543738, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.543802, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6913 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17756 (0x455C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:52.545402, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:52.546229, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.546350, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.546469, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455c name: spoolss len: 160 >[2012/08/30 15:27:52.546606, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:52.546724, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:52.546841, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:52.546970, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.547104, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.547221, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.547337, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:52.547457, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.547612, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.547729, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:52.547847, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.547971, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.551355, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:52.551523, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.551651, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:52.551768, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:52.551888, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.552018, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.553979, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:52.554108, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:52.555024, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:52.555166, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:52.555284, 3] smbd/process.c:1662(process_smb) > Transaction 30 of length 63 (0 toread) >[2012/08/30 15:27:52.555401, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.555466, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6977 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17756 (0x455C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:52.557073, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.557140, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.557259, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.557382, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.557503, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:52.557635, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.557759, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:52.557877, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:52.558662, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:52.558798, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:52.558916, 3] smbd/process.c:1662(process_smb) > Transaction 31 of length 296 (0 toread) >[2012/08/30 15:27:52.559033, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.559094, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7041 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17756 (0x455C) > smb_bcc=225 >[2012/08/30 15:27:52.560816, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:52.561904, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.562022, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.562144, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:52.562264, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.562380, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.562496, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.562612, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455c) >[2012/08/30 15:27:52.562746, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:52.562864, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:52.562981, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:52.563098, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:52.563215, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.563338, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.563455, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.563607, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:52.563728, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.563844, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.563960, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:52.564230, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.564354, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:52.566621, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.566741, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.566875, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.566995, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:52.567114, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:52.567236, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:52.569045, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:52.569167, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.569361, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:52.569557, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:52.569753, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:52.570001, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:52.570118, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.570312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.570532, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.570657, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:52.573851, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:52.574037, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:52.574159, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.574281, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.574405, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.574523, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.574641, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.574758, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.574993, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:52.576464, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:52.576661, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.576809, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.576977, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.577120, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.577260, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.577416, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.577631, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:52.579616, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:52.579796, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.579941, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:52.580060, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.580189, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:52.580306, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:52.580480, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:52.580603, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:52.580752, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:52.580875, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.581002, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.581121, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.581244, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.581379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.582144, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.582265, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.582387, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.582507, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.582637, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.582754, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.582901, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.583036, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.583158, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.583356, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.583901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.585473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.585696, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.585818, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.585940, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.586062, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.586182, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.586298, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.586450, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.586591, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.586713, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.586845, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.586963, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.587105, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.587221, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.587361, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.587550, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.587680, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.587802, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.587920, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.588038, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.588414, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.588551, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.588717, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.588838, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.588960, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.589099, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.589224, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.589341, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.589491, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.589613, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.589765, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.589884, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.590004, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.590120, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.590277, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.590398, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.590519, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.590638, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.590761, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.590878, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.591468, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.591657, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.591782, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.591905, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592025, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592146, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.592306, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592452, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592589, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.592711, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.592834, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.592955, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.593074, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.593193, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.593331, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.593453, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.593652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.594147, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:52.594279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.594711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.594925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.595130, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.595250, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.595388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.596100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.596567, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.596764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.596975, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.597095, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.597213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.597695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.598174, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.598301, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:52.598434, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.598554, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.598680, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.600287, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:52.600410, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.600555, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:52.600675, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.600793, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.600855, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7041 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.602236, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 00 00 ........ ..... .. > [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:52.605310, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 140 >[2012/08/30 15:27:52.605592, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8c >[2012/08/30 15:27:52.605725, 3] smbd/process.c:1662(process_smb) > Transaction 32 of length 144 (0 toread) >[2012/08/30 15:27:52.605844, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.605905, 5] lib/util.c:342(show_msg) > size=140 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7105 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 56 (0x38) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17756 (0x455C) > smb_bcc=73 >[2012/08/30 15:27:52.607688, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... > [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 20 00 00 . ...... ..... .. > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 00 00 00 00 00 00 ........ . >[2012/08/30 15:27:52.608169, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.608307, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.608449, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=56 params=0 setup=2 >[2012/08/30 15:27:52.608586, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.608705, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.608833, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.608959, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455c) >[2012/08/30 15:27:52.609089, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:52.609208, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 56 >[2012/08/30 15:27:52.609352, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2012/08/30 15:27:52.609486, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 >[2012/08/30 15:27:52.609620, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.609754, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.609873, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.609991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 >[2012/08/30 15:27:52.610121, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.610246, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.610365, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 >[2012/08/30 15:27:52.610623, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.610752, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0038 (56) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000020 (32) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=32 > [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.612678, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.612823, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.612990, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.613132, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.613270, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.613395, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : NULL > offered : 0x00000000 (0) >[2012/08/30 15:27:52.614037, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.614270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.614482, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.614644, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.614785, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.614904, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.615045, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.615196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.616100, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.616224, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.616346, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.616463, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.616597, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.616716, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.616862, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.616996, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.617135, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.617332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.617857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.619529, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.619751, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.619887, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.620032, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.620152, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.620287, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.620428, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.620572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.620708, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.620844, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.620967, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621086, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621206, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.621322, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621471, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621640, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.621758, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.621895, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622028, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622162, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.622295, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622444, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622578, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.622721, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.622872, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.622992, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.623112, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.623231, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.623376, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.623552, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.623702, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.623836, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.624103, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.624223, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.624363, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.624484, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.624622, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.624750, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.624874, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.625007, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.625146, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.625299, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.625435, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.625559, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.625693, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.625814, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.625946, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.626100, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.626252, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.626375, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.626510, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.626662, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.626803, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.626937, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.627071, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.627293, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.627562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.628121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.628915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.629129, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.629285, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.629448, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.629572, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.629691, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.629813, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.629948, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.630086, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.630207, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.630345, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.630480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.630602, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.630724, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.630853, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.630972, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.631219, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.631364, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.631598, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.631722, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.631858, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.631990, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.632146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.633732, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.635065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.635279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.635424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.636990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.638412, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.638641, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.638783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.640497, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.641863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.642062, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.642185, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.643564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.644947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.645160, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.645297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.648971, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.650390, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.650613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.650740, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.653853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.655245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.655449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.655622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.657941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.659348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.659585, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.659725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.661342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.662708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.662925, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.663063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.680558, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.681950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.682164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.682290, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.684633, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.685995, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.686195, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.686316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.687762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.689216, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.689416, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.689541, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.690892, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.692493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.692698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.692852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.696299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.697772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.697987, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.698117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.700504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.701879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.702103, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.702244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.703472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.705752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.705969, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.706099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.707374, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.709719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.709976, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.710104, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.711427, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.713404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.713614, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.713758, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.715128, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.716597, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.717661, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.717829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.719259, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.720739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.720943, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.721079, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.721203, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.721323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.722025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.722853, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.722995, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.723119, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.723238, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.723359, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.723478, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.724508, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.724646, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.724771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.725032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.725590, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.727250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.727469, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.727643, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.727783, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.727917, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.728038, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.728156, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.728329, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.728480, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.728615, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.728773, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729029, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729151, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.729270, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729432, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729582, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.729726, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.729850, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.729977, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.730102, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.730236, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.730386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.730520, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.730642, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.730780, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.730900, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.731037, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.731156, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.731301, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.731439, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.731597, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.731732, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.731853, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.731980, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.732128, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.732426, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.732550, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.732692, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.732813, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.733058, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.733216, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.733419, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.733544, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.733670, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.733800, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.733922, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.734042, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.734202, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.734375, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.734517, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.734642, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.734780, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.734916, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.735051, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.735172, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.735295, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.735564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.736148, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.737458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.737683, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.737805, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.737937, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.738078, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.738229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.738370, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.738486, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.738704, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.738842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.738965, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.739101, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.739223, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.739359, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.739481, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.739626, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.739748, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.739870, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.740006, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.740161, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.740283, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.740444, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.740580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.740725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.741499, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.742830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.743029, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.743151, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.743291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.760598, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.761074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.761273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.761472, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.761610, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.761736, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.762262, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.762706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.762925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.763123, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.763247, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.763385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.763964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.764432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.764633, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.764844, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.764986, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.765146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.765654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.766087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.766286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.766496, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.766630, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.766764, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.767348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : NULL > needed : * > needed : 0x00000308 (776) > result : WERR_INSUFFICIENT_BUFFER >[2012/08/30 15:27:52.767997, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.768136, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 40 >[2012/08/30 15:27:52.768281, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.768417, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. >[2012/08/30 15:27:52.768543, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=12 > [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... >[2012/08/30 15:27:52.769927, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:52.770056, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.770221, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 36 bytes. There is no more data outstanding >[2012/08/30 15:27:52.770341, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/08/30 15:27:52.770477, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.770541, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7105 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/08/30 15:27:52.772061, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... > [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ > [0020] 00 7A 00 00 00 .z... >[2012/08/30 15:27:52.774980, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 1392 >[2012/08/30 15:27:52.775193, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x570 >[2012/08/30 15:27:52.775316, 3] smbd/process.c:1662(process_smb) > Transaction 33 of length 1396 (0 toread) >[2012/08/30 15:27:52.775436, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.775558, 5] lib/util.c:342(show_msg) > size=1392 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7169 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1308 (0x51C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1308 (0x51C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17756 (0x455C) > smb_bcc=1325 >[2012/08/30 15:27:52.777333, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 1C 05 00 00 04 00 00 ........ ........ > [0020] 00 04 05 00 00 00 00 08 00 00 00 00 00 20 00 00 ........ ..... .. > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 02 00 E0 04 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.780139, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.780425, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.780560, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=1308 params=0 setup=2 >[2012/08/30 15:27:52.780686, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.780849, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.780971, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.781107, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455c) >[2012/08/30 15:27:52.781245, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:52.781384, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 1308 >[2012/08/30 15:27:52.781546, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1308 >[2012/08/30 15:27:52.781668, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 >[2012/08/30 15:27:52.781805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.781940, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.782062, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.782182, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 >[2012/08/30 15:27:52.782303, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.782439, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.782574, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 >[2012/08/30 15:27:52.782711, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.782839, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x051c (1308) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000504 (1284) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1284 > [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 02 00 E0 04 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] E0 04 00 00 .... >[2012/08/30 15:27:52.791104, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.791247, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.791542, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.791682, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.791819, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.791949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=1248 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x000004e0 (1248) >[2012/08/30 15:27:52.799928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.800164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.800375, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.800524, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.800666, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.800800, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.800928, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.801069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.801904, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.802039, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.802175, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.802320, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.802456, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.802574, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.802738, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.802874, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.803006, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.803210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.803761, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.805569, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.805790, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.805911, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.806049, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.806182, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.806303, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.806422, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.806569, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.806722, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.806857, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.806995, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807114, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807249, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.807385, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807560, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807719, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.807855, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.808021, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808138, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808275, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.808394, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808531, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808666, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.808802, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.808925, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.809044, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.809185, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.809305, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.809466, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.809601, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.809723, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.809857, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.809978, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.810111, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.810382, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.810509, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.810650, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.810771, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.810893, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.811019, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.811175, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.811327, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.811449, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.811767, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.811902, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.812040, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.812184, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.812353, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.812512, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.812653, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.812791, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.814654, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.814813, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.814936, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.815074, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.815198, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.815414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.816155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.816920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.817125, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.817259, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.817405, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.817543, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.817665, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.817787, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.817906, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.818042, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.818178, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.818315, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.818437, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.818558, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.818694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.818816, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.818952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.819074, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.819209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.819329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.819464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.819648, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.819771, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.826429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.828244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.829843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.830065, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.830209, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.831704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.833147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.833370, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.833511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.835568, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.836981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.837180, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.837354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.838767, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.840379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.840590, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.840722, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.844422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.845860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.846078, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.846219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.848331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.849618, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.849853, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.849977, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.852266, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.853576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.853770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.853890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.855426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.856784, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.856982, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.857103, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.873534, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.875348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.876533, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.876662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.878769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.880076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.880274, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.880438, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.881769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.883045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.883240, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.883361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.884768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.886129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.886329, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.886458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.889346, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.890649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.890845, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.890967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.893077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.894717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.894936, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.895063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.896321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.897662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.897870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.897997, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.899219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.900757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.900955, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.901077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.902323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.903671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.903870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.904029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.905339, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.906651, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.906862, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.906983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.908418, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.909679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.909879, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.910001, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.910122, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.910338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.911039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.912021, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.912146, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.912268, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.912385, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.912519, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.912635, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.912781, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.912919, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.913042, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.913240, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.913747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.915741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.915993, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.916132, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.916277, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.916394, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.916515, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.916631, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.916778, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.916979, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.917099, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.917220, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917341, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917461, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.917578, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917718, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917853, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.917971, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.918095, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918211, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918329, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.918446, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918598, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918732, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.918852, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.918976, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.919092, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.919210, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.919343, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.919487, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.919637, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.919785, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.919903, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.920050, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.920167, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.920310, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.920433, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.920554, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.920671, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.920789, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.920907, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.921044, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.921180, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.921301, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.921422, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.921539, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.921660, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.921775, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.921913, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.922066, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.922187, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.922305, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.922434, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.922558, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.922677, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.922794, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.922916, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.923111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.923805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.925048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.925247, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.925385, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.925504, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.925625, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.925782, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.925903, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.926023, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.926145, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.926265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.926385, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.926505, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.926630, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.926878, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.927003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.927123, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.927243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.927365, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.927484, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.928445, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.928568, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.928688, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.928807, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.928933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.929719, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.930970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.931170, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.931295, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.931422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.947832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.948409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.948643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.948837, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.948963, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.949082, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.949602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.950045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.950260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.950464, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.950589, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.950708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.951215, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.951704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.951906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.952139, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.952262, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.952380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.952887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.953320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.953526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.953726, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.953845, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.953964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.954550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\orange' > printername : * > printername : '\\orange\HP_4515' > sharename : * > sharename : 'HP_4515' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : 'HP_4515' > comment : * > comment : 'cups printer' > location : * > location : '' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\orange\HP_4515' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000308 (776) > result : WERR_OK >[2012/08/30 15:27:52.972656, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.972795, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 1292 >[2012/08/30 15:27:52.972956, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.973183, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1264. >[2012/08/30 15:27:52.973310, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0508 (1288) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000004f0 (1264) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1264 > [0000] 04 00 02 00 E0 04 00 00 CE 04 00 00 AC 04 00 00 ........ ........ > [0010] 9C 04 00 00 76 04 00 00 66 04 00 00 4C 04 00 00 ....v... f...L... > [0020] 4A 04 00 00 50 03 00 00 48 04 00 00 36 04 00 00 J...P... H...6... > [0030] 2E 04 00 00 2C 04 00 00 58 02 00 00 48 10 00 00 ....,... X...H... > [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 01 00 04 80 D8 00 00 00 E8 00 00 00 00 00 00 00 ........ ........ > [0270] 14 00 00 00 02 00 C4 00 07 00 00 00 00 02 14 00 ........ ........ > [0280] 08 00 02 20 01 01 00 00 00 00 00 01 00 00 00 00 ... .... ........ > [0290] 00 09 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ > [02A0] 15 00 00 00 1B EA AF C2 C0 3C 7D DD 2C 8F 72 D3 ........ .<}.,.r. > [02B0] 00 02 00 00 00 02 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ > [02C0] 00 00 00 05 15 00 00 00 1B EA AF C2 C0 3C 7D DD ........ .....<}. > [02D0] 2C 8F 72 D3 00 02 00 00 00 09 18 00 0C 00 0F 10 ,.r..... ........ > [02E0] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... > [02F0] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0300] 20 00 00 00 20 02 00 00 00 09 18 00 0C 00 0F 10 ... ... ........ > [0310] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... > [0320] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0330] 20 00 00 00 26 02 00 00 01 02 00 00 00 00 00 05 ...&... ........ > [0340] 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 ... ... ........ > [0350] 20 00 00 00 20 02 00 00 5C 00 5C 00 6F 00 72 00 ... ... \.\.o.r. > [0360] 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F 00 a.n.g.e. \.H.P._. > [0370] 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 00 4.5.1.5. ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 01 04 00 04 DC 00 00 00 ........ ........ > [03A0] 13 47 01 00 01 00 01 00 00 00 00 00 64 00 01 00 .G...... ....d... > [03B0] 0F 00 FC FF 01 00 01 00 00 00 03 00 00 00 4C 00 ........ ......L. > [03C0] 65 00 74 00 74 00 65 00 72 00 00 00 00 00 00 00 e.t.t.e. r....... > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 52 00 41 00 57 00 00 00 77 00 ......R. A.W...w. > [0440] 69 00 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 i.n.p.r. i.n.t... > [0450] 00 00 00 00 63 00 75 00 70 00 73 00 20 00 70 00 ....c.u. p.s. .p. > [0460] 72 00 69 00 6E 00 74 00 65 00 72 00 00 00 48 00 r.i.n.t. e.r...H. > [0470] 50 00 5F 00 34 00 35 00 31 00 35 00 00 00 53 00 P._.4.5. 1.5...S. > [0480] 61 00 6D 00 62 00 61 00 20 00 50 00 72 00 69 00 a.m.b.a. .P.r.i. > [0490] 6E 00 74 00 65 00 72 00 20 00 50 00 6F 00 72 00 n.t.e.r. .P.o.r. > [04A0] 74 00 00 00 48 00 50 00 5F 00 34 00 35 00 31 00 t...H.P. _.4.5.1. > [04B0] 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 5...\.\. o.r.a.n. > [04C0] 67 00 65 00 5C 00 48 00 50 00 5F 00 34 00 35 00 g.e.\.H. P._.4.5. > [04D0] 31 00 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 1.5...\. \.o.r.a. > [04E0] 6E 00 67 00 65 00 00 00 08 03 00 00 00 00 00 00 n.g.e... ........ >[2012/08/30 15:27:52.981784, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:52.981915, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:52.982036, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:52.982188, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:52.982308, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.982370, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7169 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:52.983770, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 08 05 00 00 04 00 00 ........ ........ > [0010] 00 F0 04 00 00 00 00 00 00 04 00 02 00 E0 04 00 ........ ........ > [0020] 00 CE 04 00 00 AC 04 00 00 9C 04 00 00 76 04 00 ........ .....v.. > [0030] 00 66 04 00 00 4C 04 00 00 4A 04 00 00 50 03 00 .f...L.. .J...P.. > [0040] 00 48 04 00 00 36 04 00 00 2E 04 00 00 2C 04 00 .H...6.. .....,.. > [0050] 00 58 02 00 00 48 10 00 00 01 00 00 00 01 00 00 .X...H.. ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.987275, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:52.987521, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:52.987669, 3] smbd/process.c:1662(process_smb) > Transaction 34 of length 63 (0 toread) >[2012/08/30 15:27:52.987790, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.987852, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=7233 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17756 (0x455C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 264 (0x108) > smb_vwv[ 6]= 264 (0x108) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 264 (0x108) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:52.989647, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.989713, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.989851, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.989974, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 264 >[2012/08/30 15:27:52.990095, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 1288, current_pdu_sent = 1024 returning 264 bytes. >[2012/08/30 15:27:52.990218, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:52.990350, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.990667, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 264 bytes. There is more data outstanding >[2012/08/30 15:27:52.990956, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=264 max=264 nread=264 >[2012/08/30 15:27:52.991691, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:52.991866, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:52.992024, 3] smbd/process.c:1662(process_smb) > Transaction 35 of length 132 (0 toread) >[2012/08/30 15:27:52.992154, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.992222, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7297 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1288 (0x508) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17756 (0x455C) > smb_bcc=61 >[2012/08/30 15:27:52.994990, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 20 00 00 ........ ..... .. > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:52.995364, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.995488, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.996590, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:52.996713, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.996831, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.996948, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.997067, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455c) >[2012/08/30 15:27:52.997186, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1288 >[2012/08/30 15:27:52.997307, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:52.997426, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:52.997544, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:52.997662, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.997791, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.997909, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.998026, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:52.998146, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.999075, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.999201, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:52.999322, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.999447, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.007793, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.010742, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.010895, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.011039, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:53.011177, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:53.011315, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:53.011754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.012001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.012418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.012616, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.012779, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.013256, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:53.013398, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:53.013535, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1288 >[2012/08/30 15:27:53.013656, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:53.013781, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:53.015362, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:53.015496, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:53.015618, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:53.015748, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.015811, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7297 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:53.017261, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:53.018646, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:53.018827, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:53.018951, 3] smbd/process.c:1662(process_smb) > Transaction 36 of length 45 (0 toread) >[2012/08/30 15:27:53.019228, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.019292, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=7361 > smt_wct=3 > smb_vwv[ 0]=17756 (0x455C) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:53.020594, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.020673, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.020800, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.020925, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17756 (numopen=1) >[2012/08/30 15:27:53.021047, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:53.021227, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \spoolss >[2012/08/30 15:27:53.021355, 5] smbd/files.c:482(file_free) > freed files structure 17756 (0 used) >[2012/08/30 15:27:53.021476, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.021538, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=7361 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:53.022316, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.054530, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:53.054740, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:53.054863, 3] smbd/process.c:1662(process_smb) > Transaction 37 of length 106 (0 toread) >[2012/08/30 15:27:53.054981, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.055074, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7425 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:53.057458, 10] ../lib/util/util.c:415(dump_data) > [0000] FF 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:53.057657, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.057794, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.057920, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:53.058042, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:53.058167, 5] smbd/files.c:140(file_new) > allocated file structure 13661, fnum = 17757 (1 used) >[2012/08/30 15:27:53.058290, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:53.058430, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:53.058572, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \spoolss >[2012/08/30 15:27:53.058689, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss >[2012/08/30 15:27:53.058820, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:53.058956, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:53.062128, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:53.062460, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:53.062583, 3] smbd/process.c:1662(process_smb) > Transaction 38 of length 76 (0 toread) >[2012/08/30 15:27:53.062702, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.062764, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7489 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:53.065224, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 5D 45 ED 03 ...]E.. >[2012/08/30 15:27:53.065364, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.065501, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.065739, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:53.065863, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:53.065981, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.066043, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7489 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:53.067480, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... >[2012/08/30 15:27:53.069332, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:53.069591, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:53.069710, 3] smbd/process.c:1662(process_smb) > Transaction 39 of length 228 (0 toread) >[2012/08/30 15:27:53.069827, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.069888, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=7553 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17757 (0x455D) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:53.072100, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:53.073391, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.073636, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.073892, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455d name: spoolss len: 160 >[2012/08/30 15:27:53.074015, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:53.074134, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:53.074251, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:53.074368, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.074485, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.074602, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:53.074718, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:53.074854, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.074970, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:53.075086, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:53.075204, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.075361, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:53.078634, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:53.078757, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:53.078875, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:53.078992, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:53.079112, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:53.079239, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:53.081473, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:53.081619, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:53.082724, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:53.082899, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:53.083018, 3] smbd/process.c:1662(process_smb) > Transaction 40 of length 63 (0 toread) >[2012/08/30 15:27:53.083145, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.083207, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=7617 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17757 (0x455D) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:53.084782, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.084858, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.085022, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.085147, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.085271, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:53.085479, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:53.085615, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:53.085738, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:53.086609, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:53.086823, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:53.086943, 3] smbd/process.c:1662(process_smb) > Transaction 41 of length 296 (0 toread) >[2012/08/30 15:27:53.087060, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.087122, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7681 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17757 (0x455D) > smb_bcc=225 >[2012/08/30 15:27:53.089874, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 08 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:53.091038, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.091158, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.091293, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:53.091414, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:53.091729, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:53.091854, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:53.091970, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455d) >[2012/08/30 15:27:53.092089, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:53.092207, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:53.092326, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:53.092461, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:53.092579, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.092696, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.092812, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:53.092928, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:53.093616, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.093734, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:53.093850, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:53.093985, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.094109, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 08 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:53.096618, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.096742, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.096892, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.097019, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:53.097156, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:53.097303, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000008 (8) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:53.099315, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:53.099529, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.099789, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:53.099990, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:53.100229, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:53 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:53.100557, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:53.100720, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.100947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.101192, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:53.101358, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:53.105633, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:53.105834, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:53.105985, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:53.106125, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.106252, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.106392, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.106522, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:53.106658, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:53.106920, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:53.108625, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:53.108829, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.108973, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.109133, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.109273, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.109417, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:53.109561, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:53.109789, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:53.112183, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:53.112455, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.112595, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:53.112720, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:53.112873, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:53.113006, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:53.113167, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:53.113295, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:53.113432, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:53.113565, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:53.113709, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:53.113835, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:53.113994, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:53.114165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.115045, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.115188, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:53.115315, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.115435, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.115642, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.115780, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.115965, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.116105, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.116436, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.116661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002c-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.117230, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002c-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.118959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.119199, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.119324, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:53.119463, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.119647, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.119786, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.119922, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.120080, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.120252, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.120377, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.120500, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.120637, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.120775, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.120911, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.121085, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.121251, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.121401, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.121545, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.121681, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.121817, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.121946, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.122104, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.122256, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.122381, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.122520, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.122668, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.122793, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.122914, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.123076, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.123201, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.123341, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.123472, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.124092, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.124234, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.124416, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.124557, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.124699, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.124830, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.124974, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.125103, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.125266, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.125451, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.125594, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.125720, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.125856, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.125993, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.126128, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.126285, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.126427, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.126568, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.126731, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.126869, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.127022, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.127152, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.127289, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.127428, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.127654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002d-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.128373, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:53.128532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002d-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.129008, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.129355, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.129606, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.129728, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:53.129866, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.130444, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002c-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.130901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.131117, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.131345, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.131475, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:53.131622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.132208, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.132797, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:53.132951, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:53.133097, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.133230, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:53.133365, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:53.134972, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:53.135137, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:53.135303, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:53.135442, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:53.135621, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.135701, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7681 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:53.137281, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 2B 00 00 ........ .....+.. > [0020] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:53.140284, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4240 >[2012/08/30 15:27:53.140517, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1090 >[2012/08/30 15:27:53.140651, 3] smbd/process.c:1662(process_smb) > Transaction 42 of length 4244 (0 toread) >[2012/08/30 15:27:53.140798, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.140878, 5] lib/util.c:342(show_msg) > size=4240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7745 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4156 (0x103C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 4156 (0x103C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17757 (0x455D) > smb_bcc=4173 >[2012/08/30 15:27:53.142728, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... > [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 2B 00 00 .$...... .....+.. > [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:53.145629, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.145782, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.145930, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=4156 params=0 setup=2 >[2012/08/30 15:27:53.146086, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:53.146221, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:53.146352, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:53.146488, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455d) >[2012/08/30 15:27:53.146631, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:53.146772, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4156 >[2012/08/30 15:27:53.146896, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4156 >[2012/08/30 15:27:53.147031, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 >[2012/08/30 15:27:53.147168, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.147304, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.147450, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/08/30 15:27:53.147623, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 >[2012/08/30 15:27:53.147787, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.147925, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/08/30 15:27:53.148044, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 >[2012/08/30 15:27:53.148183, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.148343, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x103c (4156) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00001024 (4132) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4132 > [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 02 00 00 10 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 10 00 00 .... >[2012/08/30 15:27:53.173836, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.173987, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.174135, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.174278, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:53.174440, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:53.174588, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-3f50-b9beee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=4096 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x00001000 (4096) >[2012/08/30 15:27:53.198856, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.199116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.199340, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:53.199495, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:53.199706, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:53.199992, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:53.200153, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:53.200313, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.201204, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.201344, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:53.201471, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.201594, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.201753, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.201889, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.202056, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.202195, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.202346, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.202575, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002e-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.203164, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002e-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.205061, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.205351, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.205503, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:53.205642, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.205794, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.205932, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.206067, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.206246, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.206411, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.206579, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.206734, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.206856, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.207007, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.207130, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.207284, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.207435, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.207632, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.207823, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.207954, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.208097, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.208235, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.208394, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.208548, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.208673, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.208799, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.208989, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.209149, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.209284, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.209466, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.209606, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.209733, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.209877, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.210030, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.210171, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.210369, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.210511, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.210654, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.210777, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.210916, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.211051, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.211211, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.211387, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.211599, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.211900, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.212033, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.212180, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.212302, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.212471, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.212632, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.212799, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.212944, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.213084, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.213219, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.213365, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.213490, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.213630, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.213839, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.214430, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:53.215243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.215460, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:53.215680, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.215883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:53.216042, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:53.216170, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:53.216292, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:53.216431, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:53.216586, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:53.216724, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:53.216864, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:53.217231, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:53.217373, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:53.217498, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:53.217651, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:53.217804, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:53.217929, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:53.218067, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:53.218205, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:53.218330, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:53.218496, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:53.218625, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.218793, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:53.220612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.222164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.222384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.222528, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.224226, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.225750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.225958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.226084, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:53.227955, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.229498, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.229769, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.229935, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.231489, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.233750, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.233982, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.234124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:53.238108, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.239697, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.240022, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.240186, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.242579, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.244025, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.244282, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.244410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:53.246883, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.248589, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.248850, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.249010, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.250516, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.252017, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.252293, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.252455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:53.270973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.273064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.273273, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.273414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.275965, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.277488, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.277714, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.277863, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.279433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.281060, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.281306, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.281450, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.282980, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.284640, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.284858, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.285010, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:53.288183, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.289749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.289980, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.290233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.293992, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.295714, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.295955, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.296090, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:53.297475, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.299026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.299255, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.299442, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:53.300874, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.302356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.302602, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.302749, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:53.304155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.305674, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.305875, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.306014, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.308718, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.310247, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.310502, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.310652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.312327, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:53.313717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.313978, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.314125, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:53.314268, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:53.314408, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:53.315220, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.316285, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.316441, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.316567, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.316702, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.316842, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.316964, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.317116, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.317270, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.317399, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.317666, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.318286, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.320517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.320750, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.320889, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.321046, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.321245, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.321384, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.321503, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.321683, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.321837, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.321976, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.322117, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.322255, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.322410, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.322540, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.322704, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.322858, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.323015, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.323170, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.323293, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.323479, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.323653, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.323799, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.323939, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.324077, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.324275, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.324400, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.324554, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.324689, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.324877, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.325016, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.325158, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.325295, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.325434, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.325569, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.325817, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.325949, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:53.326091, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.326220, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.326341, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.326493, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.326650, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.326805, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.326942, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:53.327115, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.327242, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.327365, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.327567, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.327762, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.327924, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.328106, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:53.328250, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:53.328375, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.328524, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.328649, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.328772, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.328925, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.329139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.329947, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-3f50-b9beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:53.331285, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.331547, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.331690, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:53.331834, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:53.331974, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.332289, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:53.332447, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:53.332574, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:53.332712, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:53.332834, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:53.333004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:53.333166, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:53.333293, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:53.333417, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:53.333557, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:53.333695, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:53.333835, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:53.333974, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:53.334112, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:53.334237, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:53.334375, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:53.334513, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:53.334665, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:53.334805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:53.335636, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-3f50-b9beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:53.336999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.337214, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.337334, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:53.337471, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:53.354377, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000031-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.354811, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.355026, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 31 00 00 00 00 00 00 00 3F 50 B9 BE ....1... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.355248, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.355394, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.355543, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.356210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000030-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.356644, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.356858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 30 00 00 00 00 00 00 00 3F 50 B9 BE ....0... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.357056, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.357190, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.357310, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.357843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002f-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.358287, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.358514, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2F 00 00 00 00 00 00 00 3F 50 B9 BE ..../... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.358740, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.358869, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:53.358989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.359489, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002e-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.359967, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.360192, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2E 00 00 00 00 00 00 00 3F 50 B9 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.360421, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.360555, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:53.360675, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.361294, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\orange' > printername : * > printername : '\\orange\HP_4515' > sharename : * > sharename : 'HP_4515' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : 'HP_4515' > comment : * > comment : 'cups printer' > location : * > location : '' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\orange\HP_4515' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000308 (776) > result : WERR_OK >[2012/08/30 15:27:53.380853, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:53.380993, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 4140 >[2012/08/30 15:27:53.381172, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.381294, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. >[2012/08/30 15:27:53.381422, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x1028 (4136) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00001010 (4112) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4112 > [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 CC 0F 00 00 ........ ........ > [0010] BC 0F 00 00 96 0F 00 00 86 0F 00 00 6C 0F 00 00 ........ ....l... > [0020] 6A 0F 00 00 70 0E 00 00 68 0F 00 00 56 0F 00 00 j...p... h...V... > [0030] 4E 0F 00 00 4C 0F 00 00 78 0D 00 00 48 10 00 00 N...L... x...H... > [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 01 00 04 80 D8 00 00 00 E8 00 00 00 00 00 00 00 ........ ........ > [0D90] 14 00 00 00 02 00 C4 00 07 00 00 00 00 02 14 00 ........ ........ > [0DA0] 08 00 02 20 01 01 00 00 00 00 00 01 00 00 00 00 ... .... ........ > [0DB0] 00 09 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ > [0DC0] 15 00 00 00 1B EA AF C2 C0 3C 7D DD 2C 8F 72 D3 ........ .<}.,.r. > [0DD0] 00 02 00 00 00 02 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ > [0DE0] 00 00 00 05 15 00 00 00 1B EA AF C2 C0 3C 7D DD ........ .....<}. > [0DF0] 2C 8F 72 D3 00 02 00 00 00 09 18 00 0C 00 0F 10 ,.r..... ........ > [0E00] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... > [0E10] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0E20] 20 00 00 00 20 02 00 00 00 09 18 00 0C 00 0F 10 ... ... ........ > [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... > [0E40] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0E50] 20 00 00 00 26 02 00 00 01 02 00 00 00 00 00 05 ...&... ........ > [0E60] 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 ... ... ........ > [0E70] 20 00 00 00 20 02 00 00 5C 00 5C 00 6F 00 72 00 ... ... \.\.o.r. > [0E80] 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F 00 a.n.g.e. \.H.P._. > [0E90] 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 00 4.5.1.5. ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 01 04 00 04 DC 00 00 00 ........ ........ > [0EC0] 13 47 01 00 01 00 01 00 00 00 00 00 64 00 01 00 .G...... ....d... > [0ED0] 0F 00 FC FF 01 00 01 00 00 00 03 00 00 00 4C 00 ........ ......L. > [0EE0] 65 00 74 00 74 00 65 00 72 00 00 00 00 00 00 00 e.t.t.e. r....... > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 52 00 41 00 57 00 00 00 77 00 ......R. A.W...w. > [0F60] 69 00 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 i.n.p.r. i.n.t... > [0F70] 00 00 00 00 63 00 75 00 70 00 73 00 20 00 70 00 ....c.u. p.s. .p. > [0F80] 72 00 69 00 6E 00 74 00 65 00 72 00 00 00 48 00 r.i.n.t. e.r...H. > [0F90] 50 00 5F 00 34 00 35 00 31 00 35 00 00 00 53 00 P._.4.5. 1.5...S. > [0FA0] 61 00 6D 00 62 00 61 00 20 00 50 00 72 00 69 00 a.m.b.a. .P.r.i. > [0FB0] 6E 00 74 00 65 00 72 00 20 00 50 00 6F 00 72 00 n.t.e.r. .P.o.r. > [0FC0] 74 00 00 00 48 00 50 00 5F 00 34 00 35 00 31 00 t...H.P. _.4.5.1. > [0FD0] 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 5...\.\. o.r.a.n. > [0FE0] 67 00 65 00 5C 00 48 00 50 00 5F 00 34 00 35 00 g.e.\.H. P._.4.5. > [0FF0] 31 00 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 1.5...\. \.o.r.a. > [1000] 6E 00 67 00 65 00 00 00 08 03 00 00 00 00 00 00 n.g.e... ........ >[2012/08/30 15:27:53.404320, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:53.404475, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:53.404601, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:53.404740, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:53.404931, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.405017, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7745 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:53.406494, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 10 00 00 03 00 00 ........ .(...... > [0010] 00 10 10 00 00 00 00 00 00 04 00 02 00 00 10 00 ........ ........ > [0020] 00 EE 0F 00 00 CC 0F 00 00 BC 0F 00 00 96 0F 00 ........ ........ > [0030] 00 86 0F 00 00 6C 0F 00 00 6A 0F 00 00 70 0E 00 .....l.. .j...p.. > [0040] 00 68 0F 00 00 56 0F 00 00 4E 0F 00 00 4C 0F 00 .h...V.. .N...L.. > [0050] 00 78 0D 00 00 48 10 00 00 01 00 00 00 01 00 00 .x...H.. ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:53.412603, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:53.412864, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:53.412986, 3] smbd/process.c:1662(process_smb) > Transaction 43 of length 63 (0 toread) >[2012/08/30 15:27:53.413115, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.413182, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=7809 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17757 (0x455D) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3112 (0xC28) > smb_vwv[ 6]= 3112 (0xC28) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3112 (0xC28) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:53.414716, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.414783, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.414923, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.415063, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3112 >[2012/08/30 15:27:53.415204, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. >[2012/08/30 15:27:53.415344, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:53.415480, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:53.415649, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 3112 bytes. There is more data outstanding >[2012/08/30 15:27:53.415772, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3112 max=3112 nread=3112 >[2012/08/30 15:27:53.419711, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:53.419968, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:53.420091, 3] smbd/process.c:1662(process_smb) > Transaction 44 of length 132 (0 toread) >[2012/08/30 15:27:53.420333, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.420396, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7873 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4136 (0x1028) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17757 (0x455D) > smb_bcc=61 >[2012/08/30 15:27:53.423124, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 2B 00 00 ........ .....+.. > [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:53.424356, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.424489, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.424617, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:53.424739, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:53.424856, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:53.424975, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:53.425093, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455d) >[2012/08/30 15:27:53.425212, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 4136 >[2012/08/30 15:27:53.425372, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:53.426408, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:53.426541, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:53.426660, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.426780, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.426897, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:53.427569, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:53.427705, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.427966, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:53.428249, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:53.428371, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.428515, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.431362, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.431568, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.431721, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.431843, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:53.431964, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:53.432084, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002b-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.432640, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.432886, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.433078, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.433333, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.433454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.434050, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:53.434173, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:53.434354, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4136 >[2012/08/30 15:27:53.434474, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:53.434601, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:53.436799, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:53.436937, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:53.437057, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:53.437179, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.437242, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7873 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:53.439346, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:53.440711, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:53.440857, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:53.440993, 3] smbd/process.c:1662(process_smb) > Transaction 45 of length 106 (0 toread) >[2012/08/30 15:27:53.441111, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.441177, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7936 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:53.443333, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:53.443553, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.443684, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.443839, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:53.444001, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:53.444129, 5] smbd/files.c:140(file_new) > allocated file structure 13662, fnum = 17758 (2 used) >[2012/08/30 15:27:53.444254, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:53.444399, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:53.444526, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/08/30 15:27:53.444671, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:53.444795, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:53.445878, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:53.446055, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:53.446178, 3] smbd/process.c:1662(process_smb) > Transaction 46 of length 45 (0 toread) >[2012/08/30 15:27:53.446334, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.446409, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8000 > smt_wct=3 > smb_vwv[ 0]=17757 (0x455D) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:53.447466, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.447566, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.447695, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.447868, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17757 (numopen=2) >[2012/08/30 15:27:53.447993, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:53.448150, 5] smbd/files.c:482(file_free) > freed files structure 17757 (1 used) >[2012/08/30 15:27:53.448270, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.448332, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8000 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:53.449292, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.451486, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:53.451912, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:53.452035, 3] smbd/process.c:1662(process_smb) > Transaction 47 of length 228 (0 toread) >[2012/08/30 15:27:53.452235, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.452330, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8064 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17758 (0x455E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:53.454126, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:53.454994, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.455203, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.455324, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455e name: spoolss len: 160 >[2012/08/30 15:27:53.455443, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:53.455618, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:53.455766, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:53.455890, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.456008, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.456156, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:53.458404, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:53.458544, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.458661, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:53.458777, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:53.458896, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.459022, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:53.463119, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:53.463258, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:53.463382, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:53.463558, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:53.463700, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:53.467516, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:53.469307, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:53.469417, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:53.470625, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:53.470758, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:53.470880, 3] smbd/process.c:1662(process_smb) > Transaction 48 of length 63 (0 toread) >[2012/08/30 15:27:53.471025, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.471090, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8128 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17758 (0x455E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:53.473002, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.473061, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.473166, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.473258, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.473370, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:53.473463, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:53.473568, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:53.473667, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:53.476838, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:53.477088, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:53.477289, 3] smbd/process.c:1662(process_smb) > Transaction 49 of length 296 (0 toread) >[2012/08/30 15:27:53.477540, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.477652, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8192 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17758 (0x455E) > smb_bcc=225 >[2012/08/30 15:27:53.480615, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:53.482528, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.482806, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.483038, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:53.483283, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:53.483493, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:53.483872, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:53.484089, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455e) >[2012/08/30 15:27:53.484322, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:53.484530, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:53.484760, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:53.484960, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:53.485177, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.485386, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.485585, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:53.485786, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:53.485986, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.486186, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:53.486380, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:53.486579, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.486783, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:53.487908, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.487926, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.487943, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.487959, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:53.487974, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:53.487989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:53.488350, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:53.488505, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.488746, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:53.488942, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:53.489171, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:53 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:53.489471, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:53.489606, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.489836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.490059, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:53.490199, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:53.492776, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:53.492960, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:53.493081, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:53.493206, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.493331, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.493451, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.493569, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:53.493691, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:53.493900, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:53.495198, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:53.495316, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.495422, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.495646, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.495767, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.495887, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:53.496006, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:53.496205, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:53.498269, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:53.498444, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.498571, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:53.498690, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:53.498821, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:53.498938, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:53.499057, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:53.499178, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:53.499311, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:53.500243, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:53.500386, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:53.500521, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:53.500688, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:53.500838, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.501635, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.501789, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:53.501924, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.502053, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.502184, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.502328, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.502484, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.502629, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.502759, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.502974, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000033-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.503479, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000033-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.505083, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.505287, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.505420, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:53.505541, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.505657, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.505774, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.505889, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.506029, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.506161, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.506279, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.506398, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.506517, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.506634, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.506750, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.506883, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.507030, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.507149, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.507268, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.507385, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.507598, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.507719, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.507877, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.508011, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.508132, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.508252, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.508369, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.508487, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.508693, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.508843, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.508969, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.509335, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.509471, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.511495, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.512285, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.512462, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.512609, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.512749, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.512888, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.513043, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.513175, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.513332, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.513486, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.513622, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.513758, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.513890, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.514023, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.514152, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.514311, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.514468, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.514604, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.514732, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.514854, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.514972, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.515091, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.515210, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.515330, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 3F 50 B9 BE ....4... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.515748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000034-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.516809, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:53.516943, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000034-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.517409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 3F 50 B9 BE ....4... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.517608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 34 00 00 00 00 00 00 00 3F 50 B9 BE ....4... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.517803, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.517940, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:53.518059, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.518536, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000033-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.518946, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.519141, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 33 00 00 00 00 00 00 00 3F 50 B9 BE ....3... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.519336, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.519455, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:53.519628, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.520172, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.520692, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:53.520827, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:53.520950, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.521066, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:53.521182, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:53.521387, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:53.521515, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.521633, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:53.521756, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:53.523108, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:53.523227, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:53.523351, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:53.523470, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:53.523618, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.523680, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8192 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:53.525241, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 32 00 00 ........ .....2.. > [0020] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:53.529401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4240 >[2012/08/30 15:27:53.529854, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1090 >[2012/08/30 15:27:53.529999, 3] smbd/process.c:1662(process_smb) > Transaction 50 of length 4244 (0 toread) >[2012/08/30 15:27:53.530129, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.530203, 5] lib/util.c:342(show_msg) > size=4240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8256 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4156 (0x103C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 4156 (0x103C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17758 (0x455E) > smb_bcc=4173 >[2012/08/30 15:27:53.532428, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... > [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 32 00 00 .$...... .....2.. > [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:53.535555, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.535700, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.535820, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:53.539034, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:53.539451, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:53.539626, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=4156 params=0 setup=2 >[2012/08/30 15:27:53.539747, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:53.539862, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:53.540011, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:53.540130, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455e) >[2012/08/30 15:27:53.540437, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:53.540560, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4156 >[2012/08/30 15:27:53.540678, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4156 >[2012/08/30 15:27:53.540795, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 >[2012/08/30 15:27:53.540908, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.541116, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.541233, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/08/30 15:27:53.541349, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 >[2012/08/30 15:27:53.541467, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.541583, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/08/30 15:27:53.541698, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 >[2012/08/30 15:27:53.541820, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.541946, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x103c (4156) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00001024 (4132) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4132 > [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 02 00 00 10 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 10 00 00 .... >[2012/08/30 15:27:53.563254, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.563389, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.563592, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.563720, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:53.563862, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:53.563987, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-3f50-b9beee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=4096 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x00001000 (4096) >[2012/08/30 15:27:53.585286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.585493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.585686, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:53.585816, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:53.585941, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:53.586059, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:53.586183, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:53.586320, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.587086, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.587205, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:53.587326, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.587443, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.587609, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.587732, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.587908, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.588041, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.588195, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.588404, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000035-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.588901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000035-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.590509, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.590717, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.590837, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:53.591149, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.591278, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.591398, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.591561, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.591728, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.591862, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.591982, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.592122, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.592248, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.592367, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.592484, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.592618, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.592749, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.593228, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.593366, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.593485, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.593606, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.593723, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.593865, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.594002, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.594123, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.594246, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.594368, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.594487, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.594604, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.594754, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.594874, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.594996, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.595113, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.595238, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.595544, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.595701, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.595863, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.595984, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.596102, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.596221, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.596338, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.596488, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.596642, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.596762, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.596882, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.596999, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.597117, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.597237, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.597375, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.597510, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.597631, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.597763, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.597887, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.598004, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.598122, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.598240, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.598359, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.598556, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.599064, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:53.600626, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.600841, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:53.600961, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.601103, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:53.601223, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:53.601342, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:53.601461, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:53.601579, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:53.601698, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:53.601833, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:53.601952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:53.602071, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:53.602190, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:53.602308, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:53.602428, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:53.602547, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:53.602666, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:53.602785, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:53.602904, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:53.603025, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:53.603144, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:53.603263, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.603399, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:53.604946, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.606239, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.606457, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.606580, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.607926, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.609379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.609574, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.609695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:53.611380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.612998, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.613205, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.613330, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.614657, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.615989, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.616189, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.616312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:53.619635, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.621156, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.621353, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.621475, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.623471, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.624806, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.625000, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.625121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:53.627341, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.628706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.628902, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.629024, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.630330, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.631937, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.632150, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.632273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:53.648097, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.649400, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.649595, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.649735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.652697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.653981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.654176, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.654297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.655641, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.657071, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.657268, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.657396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.658716, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.660066, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.660263, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.660438, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:53.663019, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.664319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.664514, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.664634, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.666652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.668123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.668356, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.668481, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:53.669647, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.670953, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.671153, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.671273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:53.672730, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.674003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.674279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.674401, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:53.675596, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.677073, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.677290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.677412, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.678700, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.680173, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.680376, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.680496, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.681810, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:53.682970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.683166, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.683286, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:53.683409, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:53.683572, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:53.684277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.685056, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.685178, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.685299, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.685417, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.685536, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.685653, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.685801, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.685935, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.686057, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.686276, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000037-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.686775, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000037-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.688380, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.688583, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.688702, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.688833, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.688949, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.689067, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.689183, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.689327, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.689460, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.689634, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.689756, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.689873, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.689990, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.690105, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.690239, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.690371, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.690489, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.690612, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.690728, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.690845, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.690961, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.691092, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.691224, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.691570, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.691692, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.691835, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.691954, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.692193, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.692339, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.693692, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.693821, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.693940, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.694062, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.694178, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.694327, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.694446, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:53.694567, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.694683, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.694801, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.694916, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.695051, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.695204, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.695322, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:53.695481, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.699007, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.699141, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.699278, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.699430, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.699598, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.699945, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:53.700093, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:53.700214, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.700337, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.700513, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.700633, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.700755, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.700954, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.701771, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-3f50-b9beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:53.703105, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.703319, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.703444, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:53.707159, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:53.707487, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.708638, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:53.708873, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:53.709094, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:53.709287, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:53.709459, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:53.709647, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:53.710671, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:53.711262, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:53.711480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:53.711650, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:53.715911, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:53.716085, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:53.716243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:53.716383, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:53.716550, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:53.716686, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:53.716842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:53.717202, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:53.717355, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:53.719340, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-3f50-b9beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:53.721004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.721281, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.721423, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:53.721552, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:53.739517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000038-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.740706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.740941, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 38 00 00 00 00 00 00 00 3F 50 B9 BE ....8... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.741160, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.741281, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.741409, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.741980, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000037-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.742428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.742641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 37 00 00 00 00 00 00 00 3F 50 B9 BE ....7... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.742856, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.742998, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.743133, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.743684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000036-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.744167, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.744367, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 36 00 00 00 00 00 00 00 3F 50 B9 BE ....6... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.744621, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.744746, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:53.744879, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.745406, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000035-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.745871, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.746063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 35 00 00 00 00 00 00 00 3F 50 B9 BE ....5... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.746287, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.746408, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:53.746559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.747161, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\orange' > printername : * > printername : '\\orange\HP_4515' > sharename : * > sharename : 'HP_4515' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : 'HP_4515' > comment : * > comment : 'cups printer' > location : * > location : '' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\orange\HP_4515' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000308 (776) > result : WERR_OK >[2012/08/30 15:27:53.766865, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:53.767003, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 4140 >[2012/08/30 15:27:53.767191, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.767311, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. >[2012/08/30 15:27:53.767436, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x1028 (4136) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00001010 (4112) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4112 > [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 CC 0F 00 00 ........ ........ > [0010] BC 0F 00 00 96 0F 00 00 86 0F 00 00 6C 0F 00 00 ........ ....l... > [0020] 6A 0F 00 00 70 0E 00 00 68 0F 00 00 56 0F 00 00 j...p... h...V... > [0030] 4E 0F 00 00 4C 0F 00 00 78 0D 00 00 48 10 00 00 N...L... x...H... > [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 01 00 04 80 D8 00 00 00 E8 00 00 00 00 00 00 00 ........ ........ > [0D90] 14 00 00 00 02 00 C4 00 07 00 00 00 00 02 14 00 ........ ........ > [0DA0] 08 00 02 20 01 01 00 00 00 00 00 01 00 00 00 00 ... .... ........ > [0DB0] 00 09 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ > [0DC0] 15 00 00 00 1B EA AF C2 C0 3C 7D DD 2C 8F 72 D3 ........ .<}.,.r. > [0DD0] 00 02 00 00 00 02 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ > [0DE0] 00 00 00 05 15 00 00 00 1B EA AF C2 C0 3C 7D DD ........ .....<}. > [0DF0] 2C 8F 72 D3 00 02 00 00 00 09 18 00 0C 00 0F 10 ,.r..... ........ > [0E00] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... > [0E10] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0E20] 20 00 00 00 20 02 00 00 00 09 18 00 0C 00 0F 10 ... ... ........ > [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... > [0E40] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0E50] 20 00 00 00 26 02 00 00 01 02 00 00 00 00 00 05 ...&... ........ > [0E60] 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 ... ... ........ > [0E70] 20 00 00 00 20 02 00 00 5C 00 5C 00 6F 00 72 00 ... ... \.\.o.r. > [0E80] 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F 00 a.n.g.e. \.H.P._. > [0E90] 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 00 4.5.1.5. ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 01 04 00 04 DC 00 00 00 ........ ........ > [0EC0] 13 47 01 00 01 00 01 00 00 00 00 00 64 00 01 00 .G...... ....d... > [0ED0] 0F 00 FC FF 01 00 01 00 00 00 03 00 00 00 4C 00 ........ ......L. > [0EE0] 65 00 74 00 74 00 65 00 72 00 00 00 00 00 00 00 e.t.t.e. r....... > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 52 00 41 00 57 00 00 00 77 00 ......R. A.W...w. > [0F60] 69 00 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 i.n.p.r. i.n.t... > [0F70] 00 00 00 00 63 00 75 00 70 00 73 00 20 00 70 00 ....c.u. p.s. .p. > [0F80] 72 00 69 00 6E 00 74 00 65 00 72 00 00 00 48 00 r.i.n.t. e.r...H. > [0F90] 50 00 5F 00 34 00 35 00 31 00 35 00 00 00 53 00 P._.4.5. 1.5...S. > [0FA0] 61 00 6D 00 62 00 61 00 20 00 50 00 72 00 69 00 a.m.b.a. .P.r.i. > [0FB0] 6E 00 74 00 65 00 72 00 20 00 50 00 6F 00 72 00 n.t.e.r. .P.o.r. > [0FC0] 74 00 00 00 48 00 50 00 5F 00 34 00 35 00 31 00 t...H.P. _.4.5.1. > [0FD0] 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 5...\.\. o.r.a.n. > [0FE0] 67 00 65 00 5C 00 48 00 50 00 5F 00 34 00 35 00 g.e.\.H. P._.4.5. > [0FF0] 31 00 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 1.5...\. \.o.r.a. > [1000] 6E 00 67 00 65 00 00 00 08 03 00 00 00 00 00 00 n.g.e... ........ >[2012/08/30 15:27:53.788983, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:53.789115, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:53.789235, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:53.789353, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:53.789472, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.789551, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8256 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:53.790887, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 10 00 00 03 00 00 ........ .(...... > [0010] 00 10 10 00 00 00 00 00 00 04 00 02 00 00 10 00 ........ ........ > [0020] 00 EE 0F 00 00 CC 0F 00 00 BC 0F 00 00 96 0F 00 ........ ........ > [0030] 00 86 0F 00 00 6C 0F 00 00 6A 0F 00 00 70 0E 00 .....l.. .j...p.. > [0040] 00 68 0F 00 00 56 0F 00 00 4E 0F 00 00 4C 0F 00 .h...V.. .N...L.. > [0050] 00 78 0D 00 00 48 10 00 00 01 00 00 00 01 00 00 .x...H.. ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:53.794648, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:53.794837, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:53.794956, 3] smbd/process.c:1662(process_smb) > Transaction 51 of length 63 (0 toread) >[2012/08/30 15:27:53.795074, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.795135, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8320 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17758 (0x455E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3112 (0xC28) > smb_vwv[ 6]= 3112 (0xC28) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3112 (0xC28) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:53.796637, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.796704, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.796823, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.796945, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3112 >[2012/08/30 15:27:53.797086, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. >[2012/08/30 15:27:53.797207, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:53.797336, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:53.797467, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 3112 bytes. There is more data outstanding >[2012/08/30 15:27:53.797602, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3112 max=3112 nread=3112 >[2012/08/30 15:27:53.805550, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:53.805745, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:53.805886, 3] smbd/process.c:1662(process_smb) > Transaction 52 of length 106 (0 toread) >[2012/08/30 15:27:53.806004, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.806065, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8384 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:53.808406, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:53.808612, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.808735, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.808911, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:53.809036, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:53.809158, 5] smbd/files.c:140(file_new) > allocated file structure 13663, fnum = 17759 (2 used) >[2012/08/30 15:27:53.809303, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:53.809433, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:53.809593, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/08/30 15:27:53.809756, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:53.809908, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:53.811015, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:53.811164, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:53.811437, 3] smbd/process.c:1662(process_smb) > Transaction 53 of length 228 (0 toread) >[2012/08/30 15:27:53.811612, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.811673, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8448 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17759 (0x455F) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:53.813250, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:53.814074, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.814193, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.814312, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455f name: spoolss len: 160 >[2012/08/30 15:27:53.814431, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:53.814568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:53.814696, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:53.814814, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.814945, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.815084, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:53.815200, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:53.815318, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.815473, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:53.815609, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:53.815728, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.815878, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:53.819137, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:53.819281, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:53.819420, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:53.820405, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:53.820543, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:53.820697, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:53.822567, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:53.822704, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:53.823920, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:53.824210, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:53.824331, 3] smbd/process.c:1662(process_smb) > Transaction 54 of length 63 (0 toread) >[2012/08/30 15:27:53.824448, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.824509, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8512 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17759 (0x455F) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:53.826328, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:53.826393, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.826512, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.826637, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.826767, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:53.826887, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:53.827028, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:53.827146, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:53.827611, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:53.827803, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:53.828007, 3] smbd/process.c:1662(process_smb) > Transaction 55 of length 296 (0 toread) >[2012/08/30 15:27:53.828246, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.828309, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8576 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17759 (0x455F) > smb_bcc=225 >[2012/08/30 15:27:53.830003, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:53.831213, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.831336, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.831459, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:53.831611, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:53.831770, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:53.831887, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:53.832007, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455f) >[2012/08/30 15:27:53.832129, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:53.832250, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:53.832368, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:53.832498, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:53.832646, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.832764, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.832892, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:53.833026, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:53.833150, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.833266, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:53.833381, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:53.833516, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.833637, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:53.836049, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.836168, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.836303, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.836422, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:53.836558, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:53.836681, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:53.838454, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:53.838595, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.838790, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:53.839025, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:53.839229, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:53 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:53.839481, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 2 printer handles active >[2012/08/30 15:27:53.839641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.839846, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.840071, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:53.840196, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:53.843296, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:53.843485, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:53.843624, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:53.843750, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.843873, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.844004, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.844121, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:53.844240, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:53.844454, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:53.845535, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:53.845707, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.845828, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.845950, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.846070, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:53.846188, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:53.846304, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:53.846510, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:53.847898, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:53.848051, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:53.848179, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:53.848297, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:53.848425, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:53.848560, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:53.848679, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:53.848799, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:53.848920, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:53.849044, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:53.849168, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:53.849285, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:53.849407, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:53.849566, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.850337, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.850458, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:53.850578, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.850704, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.850838, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.850954, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.851096, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.851255, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.851377, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.851637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003a-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.852163, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003a-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.853716, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.853928, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.854046, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:53.854166, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.854285, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.854403, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.854519, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.854676, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.854827, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.854952, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.855072, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.855200, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.855326, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.855443, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.855665, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.855798, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.855917, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.856053, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.856170, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.856288, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.856403, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.856551, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.856683, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.856802, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.856922, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.857056, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.857173, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.857289, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.857433, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.857553, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.857673, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.857791, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.857912, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.858029, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.858168, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.858308, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.858437, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.858555, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.858674, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.858803, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.858946, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.859083, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.859205, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.859326, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.859623, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.859746, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.859862, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.860003, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.860139, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.860278, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.860398, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.860518, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.860640, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.860761, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.860881, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.861002, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 3F 50 B9 BE ....;... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.861222, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003b-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.861718, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:53.861853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003b-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.862287, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 3F 50 B9 BE ....;... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.862502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3B 00 00 00 00 00 00 00 3F 50 B9 BE ....;... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.862706, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.862825, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:53.862961, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.863483, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003a-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:53.863915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.864109, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3A 00 00 00 00 00 00 00 3F 50 B9 BE ....:... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.864320, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:53.864436, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:53.864554, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:53.865069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000039-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.865541, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:53.865664, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:53.865792, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:53.865910, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:53.866037, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:53.867426, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:53.867946, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:53.868091, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:53.868229, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:53.868348, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.868409, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8576 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:53.870212, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 39 00 00 ........ .....9.. > [0020] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:53.872859, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4240 >[2012/08/30 15:27:53.873021, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x1090 >[2012/08/30 15:27:53.873159, 3] smbd/process.c:1662(process_smb) > Transaction 56 of length 4244 (0 toread) >[2012/08/30 15:27:53.873276, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:53.873337, 5] lib/util.c:342(show_msg) > size=4240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8640 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 4156 (0x103C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 4156 (0x103C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17759 (0x455F) > smb_bcc=4173 >[2012/08/30 15:27:53.875098, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 10 00 00 03 00 00 ........ .<...... > [0020] 00 24 10 00 00 00 00 08 00 00 00 00 00 39 00 00 .$...... .....9.. > [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 02 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:53.877557, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:53.877700, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:53.877827, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=4156 params=0 setup=2 >[2012/08/30 15:27:53.877966, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:53.878081, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:53.878199, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:53.878318, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455f) >[2012/08/30 15:27:53.878436, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:53.878558, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4156 >[2012/08/30 15:27:53.878679, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4156 >[2012/08/30 15:27:53.878801, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4156 >[2012/08/30 15:27:53.878921, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4156, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:53.879038, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:53.879155, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/08/30 15:27:53.879291, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4140 >[2012/08/30 15:27:53.879410, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:53.879557, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4140 >[2012/08/30 15:27:53.879690, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4140, incoming data = 4140 >[2012/08/30 15:27:53.879822, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:53.879948, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x103c (4156) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00001024 (4132) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4132 > [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 02 00 00 10 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 10 00 00 .... >[2012/08/30 15:27:53.905882, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:53.906014, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:53.906137, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:53.906259, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:53.906381, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:53.906504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000039-0000-0000-3f50-b9beee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=4096 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x00001000 (4096) >[2012/08/30 15:27:53.928958, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.929205, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.929403, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:53.929555, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:53.929682, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:53.929802, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:53.929929, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:53.930066, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.930932, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:53.931056, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:53.931181, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:53.931308, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:53.931426, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.931603, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:53.931911, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:53.932044, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.932177, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.932378, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003c-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.932872, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003c-0000-0000-3f50-b9beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:53.934402, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.934603, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:53.934721, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:53.934840, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.934974, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.935092, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.935207, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:53.935347, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:53.935479, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:53.935610, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:53.935778, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.935894, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.936011, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.936129, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.936263, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:53.936394, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:53.936511, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:53.936648, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.936764, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.936881, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.936996, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.937130, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:53.937263, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:53.937381, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:53.937518, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.937635, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.937752, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.937868, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:53.938014, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:53.938133, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:53.938253, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.938370, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.938506, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.938621, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:53.938758, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:53.938879, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:53.938999, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.939181, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.939328, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.939446, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.939649, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:53.939788, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:53.939907, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:53.940055, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.940189, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.940308, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:53.940424, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.940563, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.940733, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:53.940854, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:53.940973, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:53.941111, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:53.941229, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:53.941347, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:53.941465, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:53.941600, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.941794, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > result : WERR_OK >[2012/08/30 15:27:53.942282, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:53.943054, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.943288, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:53.943415, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.943580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:53.943720, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:53.943840, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:53.943959, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:53.944077, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:53.944216, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:53.944335, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:53.944455, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:53.944576, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:53.944695, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:53.944814, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:53.944933, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:53.945057, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:53.945176, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:53.945295, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:53.945414, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:53.945535, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:53.945654, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:53.945773, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.945909, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:53.947472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.948789, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.948988, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.949119, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.950477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.951864, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.952059, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.952197, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:53.953746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.955065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.955404, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.955553, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.956885, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.958160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.958354, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.958474, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:53.962868, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.964243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.964444, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.964588, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.966615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.968068, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.968266, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.968388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:53.970565, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.971932, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.972129, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.972251, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.973552, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.975094, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.975290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.975427, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:53.991769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.993123, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.993332, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.993465, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:53.995567, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.996900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:53.997103, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:53.997228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:53.998559, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:53.999884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.000096, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.000216, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.001550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.002824, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.003018, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.003141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:54.006654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.008118, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.008314, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.008436, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:54.010521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.011951, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.012171, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.012296, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:54.013499, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.014835, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.015032, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.015153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:54.016670, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.017960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.018157, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.018277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:54.019493, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.020876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.021073, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.021196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.022511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.023868, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.024065, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.024203, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.025552, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:54.026735, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.026934, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.027053, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:54.027174, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:54.027292, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:54.028158, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.028951, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.029074, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.029195, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.029334, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.029453, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.029568, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.029715, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.029847, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.029969, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.030182, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003e-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.030696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003e-0000-0000-3f50-babeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.032308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.032526, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:54.032647, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:54.032771, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.032888, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.033008, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.033124, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.033291, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:54.033427, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:54.033546, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:54.033670, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.033787, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.033905, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.034020, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.034156, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.034288, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:54.034406, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:54.034525, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.034658, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.034776, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.034891, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.035039, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.035171, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:54.035289, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:54.035409, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.035570, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.035699, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.035815, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.035975, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.036094, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:54.036214, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.036350, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.036475, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.036590, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.036727, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:54.036849, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:54.036969, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.037085, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.037203, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.037336, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.037470, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.037603, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:54.037724, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:54.037846, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.037962, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.038080, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.038198, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.038334, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.038468, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.038604, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:54.038723, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:54.038840, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:54.038958, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:54.039143, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:54.039262, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:54.039382, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.039662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003f-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.040181, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003f-0000-0000-3f50-babeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:54.041356, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.041549, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.041667, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:54.041802, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:54.041922, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.042060, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:54.042198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:54.042319, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:54.042439, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:54.042558, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:54.042681, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:54.042801, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:54.042923, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:54.043037, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:54.043226, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:54.043347, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:54.043559, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:54.043693, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:54.043820, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:54.043958, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:54.044078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:54.044197, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:54.044316, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:54.044461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:54.045138, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003f-0000-0000-3f50-babeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:54.046391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.046586, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.046721, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:54.046841, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:54.064383, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003f-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.064818, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.065019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3F 00 00 00 00 00 00 00 3F 50 BA BE ....?... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.065214, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.065350, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:54.065477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.065966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003e-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.066379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.066591, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3E 00 00 00 00 00 00 00 3F 50 BA BE ....>... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.066793, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.066910, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.067044, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.067562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003d-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:54.068019, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.068216, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3D 00 00 00 00 00 00 00 3F 50 B9 BE ....=... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.068409, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.068546, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:54.068663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.069140, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000003c-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:54.069552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.069772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 3C 00 00 00 00 00 00 00 3F 50 B9 BE ....<... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.069964, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.070099, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:54.070216, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.070762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\orange' > printername : * > printername : '\\orange\HP_4515' > sharename : * > sharename : 'HP_4515' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : 'HP_4515' > comment : * > comment : 'cups printer' > location : * > location : '' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\orange\HP_4515' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000308 (776) > result : WERR_OK >[2012/08/30 15:27:54.088631, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:54.088771, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 4140 >[2012/08/30 15:27:54.088923, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:54.089042, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 4112. >[2012/08/30 15:27:54.089167, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x1028 (4136) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00001010 (4112) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4112 > [0000] 04 00 02 00 00 10 00 00 EE 0F 00 00 CC 0F 00 00 ........ ........ > [0010] BC 0F 00 00 96 0F 00 00 86 0F 00 00 6C 0F 00 00 ........ ....l... > [0020] 6A 0F 00 00 70 0E 00 00 68 0F 00 00 56 0F 00 00 j...p... h...V... > [0030] 4E 0F 00 00 4C 0F 00 00 78 0D 00 00 48 10 00 00 N...L... x...H... > [0040] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 01 00 04 80 D8 00 00 00 E8 00 00 00 00 00 00 00 ........ ........ > [0D90] 14 00 00 00 02 00 C4 00 07 00 00 00 00 02 14 00 ........ ........ > [0DA0] 08 00 02 20 01 01 00 00 00 00 00 01 00 00 00 00 ... .... ........ > [0DB0] 00 09 24 00 0C 00 0F 10 01 05 00 00 00 00 00 05 ..$..... ........ > [0DC0] 15 00 00 00 1B EA AF C2 C0 3C 7D DD 2C 8F 72 D3 ........ .<}.,.r. > [0DD0] 00 02 00 00 00 02 24 00 0C 00 0F 10 01 05 00 00 ......$. ........ > [0DE0] 00 00 00 05 15 00 00 00 1B EA AF C2 C0 3C 7D DD ........ .....<}. > [0DF0] 2C 8F 72 D3 00 02 00 00 00 09 18 00 0C 00 0F 10 ,.r..... ........ > [0E00] 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 ........ ... ... > [0E10] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0E20] 20 00 00 00 20 02 00 00 00 09 18 00 0C 00 0F 10 ... ... ........ > [0E30] 01 02 00 00 00 00 00 05 20 00 00 00 26 02 00 00 ........ ...&... > [0E40] 00 02 18 00 0C 00 0F 10 01 02 00 00 00 00 00 05 ........ ........ > [0E50] 20 00 00 00 26 02 00 00 01 02 00 00 00 00 00 05 ...&... ........ > [0E60] 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 ... ... ........ > [0E70] 20 00 00 00 20 02 00 00 5C 00 5C 00 6F 00 72 00 ... ... \.\.o.r. > [0E80] 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F 00 a.n.g.e. \.H.P._. > [0E90] 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 00 4.5.1.5. ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 01 04 00 04 DC 00 00 00 ........ ........ > [0EC0] 13 47 01 00 01 00 01 00 00 00 00 00 64 00 01 00 .G...... ....d... > [0ED0] 0F 00 FC FF 01 00 01 00 00 00 03 00 00 00 4C 00 ........ ......L. > [0EE0] 65 00 74 00 74 00 65 00 72 00 00 00 00 00 00 00 e.t.t.e. r....... > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 52 00 41 00 57 00 00 00 77 00 ......R. A.W...w. > [0F60] 69 00 6E 00 70 00 72 00 69 00 6E 00 74 00 00 00 i.n.p.r. i.n.t... > [0F70] 00 00 00 00 63 00 75 00 70 00 73 00 20 00 70 00 ....c.u. p.s. .p. > [0F80] 72 00 69 00 6E 00 74 00 65 00 72 00 00 00 48 00 r.i.n.t. e.r...H. > [0F90] 50 00 5F 00 34 00 35 00 31 00 35 00 00 00 53 00 P._.4.5. 1.5...S. > [0FA0] 61 00 6D 00 62 00 61 00 20 00 50 00 72 00 69 00 a.m.b.a. .P.r.i. > [0FB0] 6E 00 74 00 65 00 72 00 20 00 50 00 6F 00 72 00 n.t.e.r. .P.o.r. > [0FC0] 74 00 00 00 48 00 50 00 5F 00 34 00 35 00 31 00 t...H.P. _.4.5.1. > [0FD0] 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 5...\.\. o.r.a.n. > [0FE0] 67 00 65 00 5C 00 48 00 50 00 5F 00 34 00 35 00 g.e.\.H. P._.4.5. > [0FF0] 31 00 35 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 1.5...\. \.o.r.a. > [1000] 6E 00 67 00 65 00 00 00 08 03 00 00 00 00 00 00 n.g.e... ........ >[2012/08/30 15:27:54.111044, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:54.111173, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:54.111310, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:54.111430, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:54.111601, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.111671, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8640 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:54.113178, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 10 00 00 03 00 00 ........ .(...... > [0010] 00 10 10 00 00 00 00 00 00 04 00 02 00 00 10 00 ........ ........ > [0020] 00 EE 0F 00 00 CC 0F 00 00 BC 0F 00 00 96 0F 00 ........ ........ > [0030] 00 86 0F 00 00 6C 0F 00 00 6A 0F 00 00 70 0E 00 .....l.. .j...p.. > [0040] 00 68 0F 00 00 56 0F 00 00 4E 0F 00 00 4C 0F 00 .h...V.. .N...L.. > [0050] 00 78 0D 00 00 48 10 00 00 01 00 00 00 01 00 00 .x...H.. ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.116660, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:54.116888, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:54.117014, 3] smbd/process.c:1662(process_smb) > Transaction 57 of length 63 (0 toread) >[2012/08/30 15:27:54.117131, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.117192, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8704 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17759 (0x455F) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3112 (0xC28) > smb_vwv[ 6]= 3112 (0xC28) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3112 (0xC28) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:54.118661, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:54.118726, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.118861, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.118983, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3112 >[2012/08/30 15:27:54.119103, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 4136, current_pdu_sent = 1024 returning 3112 bytes. >[2012/08/30 15:27:54.119227, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:54.119355, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:54.119484, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 3112 bytes. There is more data outstanding >[2012/08/30 15:27:54.119620, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3112 max=3112 nread=3112 >[2012/08/30 15:27:54.121750, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:54.121944, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:54.122063, 3] smbd/process.c:1662(process_smb) > Transaction 58 of length 106 (0 toread) >[2012/08/30 15:27:54.122181, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.122242, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8768 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:54.124640, 10] ../lib/util/util.c:415(dump_data) > [0000] F4 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:54.124866, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.124988, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.125113, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:54.125252, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:54.125373, 5] smbd/files.c:140(file_new) > allocated file structure 13664, fnum = 17760 (3 used) >[2012/08/30 15:27:54.125496, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:54.125637, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:54.125763, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 3 for pipe \spoolss >[2012/08/30 15:27:54.125890, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:54.126028, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:54.126967, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:54.127141, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:54.127260, 3] smbd/process.c:1662(process_smb) > Transaction 59 of length 228 (0 toread) >[2012/08/30 15:27:54.127377, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.127438, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8832 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17760 (0x4560) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:54.129129, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:54.129983, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.130106, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.130242, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 4560 name: spoolss len: 160 >[2012/08/30 15:27:54.130447, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:54.130574, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:54.130693, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:54.130811, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.130933, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.131049, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:54.131165, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:54.131284, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.131421, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:54.131593, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:54.131716, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.131842, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:54.134906, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:54.135026, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:54.135144, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:54.135263, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:54.135382, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:54.135636, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:54.137519, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:54.137652, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:54.138410, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:54.138571, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:54.138690, 3] smbd/process.c:1662(process_smb) > Transaction 60 of length 63 (0 toread) >[2012/08/30 15:27:54.138807, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.138880, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=8896 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17760 (0x4560) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:54.140498, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:54.140563, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.140692, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.140848, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:54.140972, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:54.141094, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:54.141244, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:54.141363, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:54.141984, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:54.142158, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:54.142277, 3] smbd/process.c:1662(process_smb) > Transaction 61 of length 296 (0 toread) >[2012/08/30 15:27:54.142394, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.142472, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8960 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17760 (0x4560) > smb_bcc=225 >[2012/08/30 15:27:54.144321, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 08 00 02 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:54.145422, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.145570, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.145698, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:54.145820, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:54.145954, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:54.146072, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:54.146189, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4560) >[2012/08/30 15:27:54.146310, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024 >[2012/08/30 15:27:54.146430, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:54.146549, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:54.146677, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:54.146814, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.146932, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.147048, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:54.147169, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:54.147423, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.147568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:54.147695, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:54.147814, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.147952, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 08 00 02 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:54.150195, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.150323, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.150447, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:54.150567, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:54.150685, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:54.150810, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00020008 (131080) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 1: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:54.152647, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:54.152773, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.152968, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:54.153158, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:54.153354, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:54 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:54.153616, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 3 printer handles active >[2012/08/30 15:27:54.153733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.153928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.154121, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:54.154261, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:54.157731, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:54.157896, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:54.158015, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:54.158160, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:54.158283, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:54.158409, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:54.158530, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:54.158646, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:54.158866, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:54.159986, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:54.160203, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:54.160325, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:54.160463, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:54.160581, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:54.160709, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:54.160835, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:54.161023, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:54.162537, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:54.162689, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:54.162817, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:54.162933, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:54.163059, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:54.163189, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:54.163314, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:54.163426, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:54.163631, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:54.163792, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:54.163919, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:54.164047, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:54.164174, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:54.164310, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.165077, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.165209, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:54.165329, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.165445, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.165565, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.165698, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.165842, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.165991, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.166113, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.166324, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000041-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.166827, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000041-0000-0000-3f50-babeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.168398, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.168599, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:54.168717, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:54.168837, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.168955, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.169076, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.169191, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.169365, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:54.169499, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:54.169617, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.169794, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.169914, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.170033, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.170165, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.170300, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.170462, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:54.170584, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:54.170704, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.170821, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.170941, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.171056, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.171190, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.171323, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:54.171441, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:54.171619, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.171754, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.171875, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.171991, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.172137, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.172257, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:54.172379, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.172515, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.172628, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.172835, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.172980, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:54.173100, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:54.173223, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.173349, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.173469, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.173585, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.173724, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.173876, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:54.173995, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:54.174133, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.174251, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.174371, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.174490, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.174644, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.174845, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.174967, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:54.175086, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:54.175209, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:54.175357, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:54.175508, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:54.175654, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.175774, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 3F 50 BA BE ....B... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.175986, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000042-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.176486, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:54.176615, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000042-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.177045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 3F 50 BA BE ....B... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.177248, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 42 00 00 00 00 00 00 00 3F 50 BA BE ....B... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.177441, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.177630, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:54.177749, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.178229, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000041-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.178660, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.178857, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 41 00 00 00 00 00 00 00 3F 50 BA BE ....A... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.179050, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.179184, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:54.179310, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.179973, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000040-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.180453, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:54.180577, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:54.180726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:54.180846, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:54.180975, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:54.182413, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:54.182537, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:54.182685, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:54.182808, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:54.182958, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.183029, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=8960 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:54.184943, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 40 00 00 ........ .....@.. > [0020] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:54.197844, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 144 >[2012/08/30 15:27:54.198132, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/08/30 15:27:54.198274, 3] smbd/process.c:1662(process_smb) > Transaction 62 of length 148 (0 toread) >[2012/08/30 15:27:54.198393, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.198454, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9024 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17760 (0x4560) > smb_bcc=77 >[2012/08/30 15:27:54.200299, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 03 00 00 ........ .<...... > [0020] 00 24 00 00 00 00 00 22 00 00 00 00 00 40 00 00 .$....." .....@.. > [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 02 00 00 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:54.200708, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.200847, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.200973, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2012/08/30 15:27:54.201103, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:54.201222, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:54.201339, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:54.201456, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4560) >[2012/08/30 15:27:54.201574, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024 >[2012/08/30 15:27:54.201697, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 60 >[2012/08/30 15:27:54.201816, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2012/08/30 15:27:54.201932, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 >[2012/08/30 15:27:54.202066, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.202184, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.202300, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:54.202427, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:54.202551, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.202668, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:54.202794, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 >[2012/08/30 15:27:54.202918, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.203041, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000024 (36) > context_id : 0x0000 (0) > opnum : 0x0022 (34) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=36 > [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 02 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 .... >[2012/08/30 15:27:54.204678, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.204798, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.204918, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:54.205039, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS >[2012/08/30 15:27:54.205160, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[34].fn == 0x7fd50aecf370 >[2012/08/30 15:27:54.205354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumForms: struct spoolss_EnumForms > in: struct spoolss_EnumForms > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000040-0000-0000-3f50-babeee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=0 > offered : 0x00000000 (0) >[2012/08/30 15:27:54.206067, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) > _spoolss_EnumForms > Offered buffer size [0] > Info level [2] >[2012/08/30 15:27:54.206322, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumForms: struct spoolss_EnumForms > out: struct spoolss_EnumForms > count : * > count : 0x00000000 (0) > info : * > info : NULL > needed : * > needed : 0x00000000 (0) > result : WERR_UNKNOWN_LEVEL >[2012/08/30 15:27:54.206917, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:54.207037, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 44 >[2012/08/30 15:27:54.207167, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:54.207286, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. >[2012/08/30 15:27:54.207409, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 04 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 7C 00 00 00 |... >[2012/08/30 15:27:54.209188, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:54.209344, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 44 bytes. There is no more data outstanding >[2012/08/30 15:27:54.209465, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..44] (align 0) >[2012/08/30 15:27:54.209583, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.209647, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9024 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:54.211027, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... > [0010] 00 14 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 7C 00 00 00 ........ .|... >[2012/08/30 15:27:54.212133, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 144 >[2012/08/30 15:27:54.212303, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x90 >[2012/08/30 15:27:54.212428, 3] smbd/process.c:1662(process_smb) > Transaction 63 of length 148 (0 toread) >[2012/08/30 15:27:54.212547, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.212609, 5] lib/util.c:342(show_msg) > size=144 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9088 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 60 (0x3C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 60 (0x3C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17760 (0x4560) > smb_bcc=77 >[2012/08/30 15:27:54.214471, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 3C 00 00 00 04 00 00 ........ .<...... > [0020] 00 24 00 00 00 00 00 22 00 00 00 00 00 40 00 00 .$....." .....@.. > [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 01 00 00 .....?P. ........ > [0040] 00 00 00 02 00 00 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:54.214888, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.215007, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.215150, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=60 params=0 setup=2 >[2012/08/30 15:27:54.215272, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:54.215389, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:54.215568, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:54.215715, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4560) >[2012/08/30 15:27:54.215841, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024 >[2012/08/30 15:27:54.215963, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 60 >[2012/08/30 15:27:54.216081, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 60 >[2012/08/30 15:27:54.216196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 60 >[2012/08/30 15:27:54.216316, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 60, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.216434, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.216551, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:54.216667, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:54.216788, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.216904, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:54.217020, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 44, incoming data = 44 >[2012/08/30 15:27:54.217140, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.217262, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x003c (60) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000024 (36) > context_id : 0x0000 (0) > opnum : 0x0022 (34) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=36 > [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 01 00 00 00 00 00 02 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 .... >[2012/08/30 15:27:54.218944, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.219066, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.219183, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:54.219303, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS >[2012/08/30 15:27:54.219425, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[34].fn == 0x7fd50aecf370 >[2012/08/30 15:27:54.219696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumForms: struct spoolss_EnumForms > in: struct spoolss_EnumForms > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000040-0000-0000-3f50-babeee0b0000 > level : 0x00000001 (1) > buffer : * > buffer : DATA_BLOB length=0 > offered : 0x00000000 (0) >[2012/08/30 15:27:54.220378, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) > _spoolss_EnumForms > Offered buffer size [0] > Info level [1] >[2012/08/30 15:27:54.220634, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:54.220774, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:54.220891, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:54.221015, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:54.221167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.221934, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.222052, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:54.222178, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.222297, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.222415, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.222530, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.222674, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.222806, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.222927, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.223124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000043-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.223682, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000043-0000-0000-3f50-babeee0b0000 > name: struct winreg_String > name_len : 0x005a (90) > name_size : 0x005a (90) > name : * > name : 'SYSTEM\CurrentControlSet\Control\Print\Forms' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/08/30 15:27:54.225746, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.225953, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Control\Print\Forms' >[2012/08/30 15:27:54.226085, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.226207, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/30 15:27:54.226328, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:54.226461, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/30 15:27:54.226585, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/30 15:27:54.226705, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.226820, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] >[2012/08/30 15:27:54.226957, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2012/08/30 15:27:54.227087, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.227206, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/30 15:27:54.227327, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.227447, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.227641, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.227764, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.227881, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.228041, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.228195, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.228317, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.228436, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/08/30 15:27:54.228575, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.228697, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.228815, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.228967, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.229085, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.229223, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.229357, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.229478, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.229597, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.229720, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.229842, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.229960, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.230097, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.230213, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.230362, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.230513, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.230633, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Forms] >[2012/08/30 15:27:54.230751, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.230889, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.231005, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.231124, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.231251, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.231385, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.231651, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.231780, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.231900, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.232099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000044-0000-0000-3f50-babeee0b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/30 15:27:54.232714, 8] rpc_client/cli_winreg_spoolss.c:287(winreg_printer_openkey) > winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms >[2012/08/30 15:27:54.232850, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000044-0000-0000-3f50-babeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:54.233571, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.233784, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms' (ops 0x7fd50b775f80) >[2012/08/30 15:27:54.233903, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.234040, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.234183, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000000 (0) > max_valnamelen : * > max_valnamelen : 0x00000002 (2) > max_valbufsize : * > max_valbufsize : 0x00000000 (0) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:54.235766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000044-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.236181, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.236387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 44 00 00 00 00 00 00 00 3F 50 BA BE ....D... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.236586, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.236704, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:54.236840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.237321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000043-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.237733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.237927, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 43 00 00 00 00 00 00 00 3F 50 BA BE ....C... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.238137, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.238254, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:54.238381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.239028, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumForms: struct spoolss_EnumForms > out: struct spoolss_EnumForms > count : * > count : 0x00000000 (0) > info : * > info : NULL > needed : * > needed : 0x00001de0 (7648) > result : WERR_INSUFFICIENT_BUFFER >[2012/08/30 15:27:54.239753, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:54.239880, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 44 >[2012/08/30 15:27:54.240008, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:54.240128, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. >[2012/08/30 15:27:54.240252, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 04 00 02 00 00 00 00 00 E0 1D 00 00 00 00 00 00 ........ ........ > [0010] 7A 00 00 00 z... >[2012/08/30 15:27:54.241657, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 31828 >[2012/08/30 15:27:54.241796, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:54.241945, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 44 bytes. There is no more data outstanding >[2012/08/30 15:27:54.242065, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..44] (align 0) >[2012/08/30 15:27:54.242184, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.242248, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9088 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:54.243837, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0010] 00 14 00 00 00 00 00 00 00 04 00 02 00 00 00 00 ........ ........ > [0020] 00 E0 1D 00 00 00 00 00 00 7A 00 00 00 ........ .z... >[2012/08/30 15:27:54.245050, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4344 >[2012/08/30 15:27:54.245208, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/08/30 15:27:54.245328, 3] smbd/process.c:1662(process_smb) > Transaction 64 of length 4348 (0 toread) >[2012/08/30 15:27:54.245445, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.245510, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=9152 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17760 (0x4560) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/08/30 15:27:54.247094, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 00 01 10 00 00 00 B8 10 00 00 05 00 00 ........ ........ > [0010] 00 7C 25 00 00 00 00 22 00 00 00 00 00 40 00 00 .|%...." .....@.. > [0020] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 01 00 00 .....?P. ........ > [0030] 00 00 00 02 00 58 25 00 00 00 00 00 00 00 00 00 .....X%. ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.249443, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.249565, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.249686, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 4560 name: spoolss len: 4280 >[2012/08/30 15:27:54.249807, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/08/30 15:27:54.249934, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4280 >[2012/08/30 15:27:54.250051, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4280 >[2012/08/30 15:27:54.250188, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4280, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.250306, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.250422, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4264 >[2012/08/30 15:27:54.250539, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4264 >[2012/08/30 15:27:54.250675, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.250792, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4264 >[2012/08/30 15:27:54.250908, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4264, incoming data = 4264 >[2012/08/30 15:27:54.251045, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.251182, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x01 (1) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x10b8 (4280) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000257c (9596) > context_id : 0x0000 (0) > opnum : 0x0022 (34) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4256 > [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 01 00 00 00 00 00 02 00 58 25 00 00 ........ ....X%.. > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.274445, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.274577, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.274702, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 4264 >[2012/08/30 15:27:54.274815, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/08/30 15:27:54.275953, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 4344 >[2012/08/30 15:27:54.276114, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x10f8 >[2012/08/30 15:27:54.276240, 3] smbd/process.c:1662(process_smb) > Transaction 65 of length 4348 (0 toread) >[2012/08/30 15:27:54.276358, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.276419, 5] lib/util.c:342(show_msg) > size=4344 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=9216 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17760 (0x4560) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 4280 (0x10B8) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 4280 (0x10B8) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=4281 >[2012/08/30 15:27:54.278031, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 00 00 10 00 00 00 B8 10 00 00 05 00 00 ........ ........ > [0010] 00 DC 14 00 00 00 00 22 00 00 00 00 00 00 00 00 ......." ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.280420, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.280542, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.280662, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 4560 name: spoolss len: 4280 >[2012/08/30 15:27:54.280781, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 4280 >[2012/08/30 15:27:54.280902, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4280 >[2012/08/30 15:27:54.281018, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 4280 >[2012/08/30 15:27:54.281135, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 4280, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.281255, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.281378, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4264 >[2012/08/30 15:27:54.281495, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 4264 >[2012/08/30 15:27:54.281615, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.281750, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 4264 >[2012/08/30 15:27:54.281867, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 4264, incoming data = 4264 >[2012/08/30 15:27:54.281989, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.282119, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x10b8 (4280) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000014dc (5340) > context_id : 0x0000 (0) > opnum : 0x0022 (34) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4256 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.305095, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.305244, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.305371, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 4264 >[2012/08/30 15:27:54.305502, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=4280 >[2012/08/30 15:27:54.307119, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 1192 >[2012/08/30 15:27:54.309327, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4a8 >[2012/08/30 15:27:54.309455, 3] smbd/process.c:1662(process_smb) > Transaction 66 of length 1196 (0 toread) >[2012/08/30 15:27:54.309573, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.309638, 5] lib/util.c:342(show_msg) > size=1192 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9280 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1108 (0x454) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1108 (0x454) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17760 (0x4560) > smb_bcc=1125 >[2012/08/30 15:27:54.312987, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 02 10 00 00 00 54 04 00 00 05 00 00 ........ .T...... > [0020] 00 3C 04 00 00 00 00 22 00 00 00 00 00 00 00 00 .<....." ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.315909, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.316065, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.316199, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=1108 params=0 setup=2 >[2012/08/30 15:27:54.316320, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:54.316469, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:54.316586, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:54.316703, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4560) >[2012/08/30 15:27:54.316860, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 1024 >[2012/08/30 15:27:54.316980, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 1108 >[2012/08/30 15:27:54.317099, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1108 >[2012/08/30 15:27:54.317215, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1108 >[2012/08/30 15:27:54.317332, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 1108, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.317449, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.317565, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1092 >[2012/08/30 15:27:54.317723, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1092 >[2012/08/30 15:27:54.317958, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.318076, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1092 >[2012/08/30 15:27:54.318196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1092, incoming data = 1092 >[2012/08/30 15:27:54.318314, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.318438, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x02 (2) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0454 (1108) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000043c (1084) > context_id : 0x0000 (0) > opnum : 0x0022 (34) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1084 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 58 25 00 00 ........ X%.. >[2012/08/30 15:27:54.325033, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.325160, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.325279, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:54.325400, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x22 - api_rpcTNP: rpc command: SPOOLSS_ENUMFORMS >[2012/08/30 15:27:54.325520, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[34].fn == 0x7fd50aecf370 >[2012/08/30 15:27:54.325645, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumForms: struct spoolss_EnumForms > in: struct spoolss_EnumForms > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000040-0000-0000-3f50-babeee0b0000 > level : 0x00000001 (1) > buffer : * > buffer : DATA_BLOB length=9560 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [21A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [21B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [21C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [21D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [21E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [21F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [22A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [22B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [22C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [22D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [22E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [22F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [23A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [23B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [23C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [23D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [23E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [23F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [24A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [24B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [24C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [24D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [24E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [24F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2550] 00 00 00 00 00 00 00 00 ........ > offered : 0x00002558 (9560) >[2012/08/30 15:27:54.375107, 4] rpc_server/spoolss/srv_spoolss_nt.c:7481(_spoolss_EnumForms) > _spoolss_EnumForms > Offered buffer size [9560] > Info level [1] >[2012/08/30 15:27:54.375554, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:54.375709, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:54.375955, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:54.376100, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:54.376237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.377003, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.377127, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:54.377259, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.377377, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.377495, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.377611, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.377760, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.377961, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.378087, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.378286, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000045-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.378821, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > in: struct winreg_CreateKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000045-0000-0000-3f50-babeee0b0000 > name: struct winreg_String > name_len : 0x005a (90) > name_size : 0x005a (90) > name : * > name : 'SYSTEM\CurrentControlSet\Control\Print\Forms' > keyclass: struct winreg_String > name_len : 0x0002 (2) > name_size : 0x0002 (2) > name : * > name : '' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY > secdesc : NULL > action_taken : * > action_taken : REG_ACTION_NONE (0) >[2012/08/30 15:27:54.381709, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.381907, 10] rpc_server/winreg/srv_winreg_nt.c:782(_winreg_CreateKey) > _winreg_CreateKey called with parent key 'HKLM' and subkey name 'SYSTEM\CurrentControlSet\Control\Print\Forms' >[2012/08/30 15:27:54.382041, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.382178, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/30 15:27:54.382306, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:54.382428, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/30 15:27:54.382545, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/30 15:27:54.382663, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.382778, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] >[2012/08/30 15:27:54.382912, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2012/08/30 15:27:54.383046, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.383165, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/30 15:27:54.383283, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.383403, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.383558, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.383685, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.383826, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.383960, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.384088, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.384208, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.384325, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/08/30 15:27:54.384442, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.384561, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.384677, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.384798, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.384913, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.385044, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.385172, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.385291, 5] ../lib/util/tdb_wrap.c:65(tdb_wrap_log) > tdb(/var/lib/samba/registry.tdb): tdb_transaction_start: nesting 1 >[2012/08/30 15:27:54.385408, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.385525, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.385644, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.385764, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.385881, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.385997, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.386135, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.386266, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.386385, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Forms] >[2012/08/30 15:27:54.386502, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.386645, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.386762, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.386880, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.386995, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.387121, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.387249, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.387374, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.387530, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.387899, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CreateKey: struct winreg_CreateKey > out: struct winreg_CreateKey > new_handle : * > new_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000046-0000-0000-3f50-babeee0b0000 > action_taken : * > action_taken : REG_OPENED_EXISTING_KEY (2) > result : WERR_OK >[2012/08/30 15:27:54.388520, 8] rpc_client/cli_winreg_spoolss.c:287(winreg_printer_openkey) > winreg_printer_openkey: createkey opened existing SYSTEM\CurrentControlSet\Control\Print\Forms >[2012/08/30 15:27:54.388667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000046-0000-0000-3f50-babeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:54.389387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.389585, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms' (ops 0x7fd50b775f80) >[2012/08/30 15:27:54.389704, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.389836, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Forms] >[2012/08/30 15:27:54.389978, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000000 (0) > max_valnamelen : * > max_valnamelen : 0x00000002 (2) > max_valbufsize : * > max_valbufsize : 0x00000000 (0) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:54.391811, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000046-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.392258, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.392504, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 46 00 00 00 00 00 00 00 3F 50 BA BE ....F... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.392716, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.392834, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:54.393378, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.393887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000045-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.397534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.397848, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 45 00 00 00 00 00 00 00 3F 50 BA BE ....E... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.398108, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.398262, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:54.398423, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.399243, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_EnumForms: struct spoolss_EnumForms > out: struct spoolss_EnumForms > count : * > count : 0x00000078 (120) > info : * > info : * > info: ARRAY(120) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : '10x11' > size: struct spoolss_FormSize > width : 0x0003e030 (254000) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003e030 (254000) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : '10x14' > size: struct spoolss_FormSize > width : 0x0003e030 (254000) > height : 0x00056d10 (355600) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003e030 (254000) > bottom : 0x00056d10 (355600) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : '11x17' > size: struct spoolss_FormSize > width : 0x00044368 (279400) > height : 0x000696b8 (431800) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00044368 (279400) > bottom : 0x000696b8 (431800) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : '12x11' > size: struct spoolss_FormSize > width : 0x0004a724 (304932) > height : 0x000443e1 (279521) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004a724 (304932) > bottom : 0x000443e1 (279521) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : '15x11' > size: struct spoolss_FormSize > width : 0x0005d048 (381000) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0005d048 (381000) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : '6 3/4 Envelope' > size: struct spoolss_FormSize > width : 0x000167ab (92075) > height : 0x000284ec (165100) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000167ab (92075) > bottom : 0x000284ec (165100) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : '9x11' > size: struct spoolss_FormSize > width : 0x00037cf8 (228600) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00037cf8 (228600) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A0' > size: struct spoolss_FormSize > width : 0x000cd528 (841000) > height : 0x00122488 (1189000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000cd528 (841000) > bottom : 0x00122488 (1189000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A1' > size: struct spoolss_FormSize > width : 0x00091050 (594000) > height : 0x000cd528 (841000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00091050 (594000) > bottom : 0x000cd528 (841000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A2' > size: struct spoolss_FormSize > width : 0x000668a0 (420000) > height : 0x00091050 (594000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000668a0 (420000) > bottom : 0x00091050 (594000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A3 Extra Transverse' > size: struct spoolss_FormSize > width : 0x0004e9d0 (322000) > height : 0x0006ca48 (445000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004e9d0 (322000) > bottom : 0x0006ca48 (445000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A3 Extra' > size: struct spoolss_FormSize > width : 0x0004e9d0 (322000) > height : 0x0006ca48 (445000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004e9d0 (322000) > bottom : 0x0006ca48 (445000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A3 Rotated' > size: struct spoolss_FormSize > width : 0x000668a0 (420000) > height : 0x00048828 (297000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000668a0 (420000) > bottom : 0x00048828 (297000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A3 Transverse' > size: struct spoolss_FormSize > width : 0x00048828 (297000) > height : 0x000668a0 (420000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00048828 (297000) > bottom : 0x000668a0 (420000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A3' > size: struct spoolss_FormSize > width : 0x00048828 (297000) > height : 0x000668a0 (420000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00048828 (297000) > bottom : 0x000668a0 (420000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A4 Extra' > size: struct spoolss_FormSize > width : 0x000397c2 (235458) > height : 0x0004eb16 (322326) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000397c2 (235458) > bottom : 0x0004eb16 (322326) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A4 Plus' > size: struct spoolss_FormSize > width : 0x00033450 (210000) > height : 0x00050910 (330000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00033450 (210000) > bottom : 0x00050910 (330000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A4 Rotated' > size: struct spoolss_FormSize > width : 0x00048828 (297000) > height : 0x00033450 (210000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00048828 (297000) > bottom : 0x00033450 (210000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A4 Small' > size: struct spoolss_FormSize > width : 0x00033450 (210000) > height : 0x00048828 (297000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00033450 (210000) > bottom : 0x00048828 (297000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A4 Transverse' > size: struct spoolss_FormSize > width : 0x00033450 (210000) > height : 0x00048828 (297000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00033450 (210000) > bottom : 0x00048828 (297000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A4' > size: struct spoolss_FormSize > width : 0x00033450 (210000) > height : 0x00048828 (297000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00033450 (210000) > bottom : 0x00048828 (297000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A5 Extra' > size: struct spoolss_FormSize > width : 0x0002a7b0 (174000) > height : 0x000395f8 (235000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002a7b0 (174000) > bottom : 0x000395f8 (235000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A5 Rotated' > size: struct spoolss_FormSize > width : 0x00033450 (210000) > height : 0x00024220 (148000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00033450 (210000) > bottom : 0x00024220 (148000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A5 Transverse' > size: struct spoolss_FormSize > width : 0x00024220 (148000) > height : 0x00033450 (210000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00024220 (148000) > bottom : 0x00033450 (210000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A5' > size: struct spoolss_FormSize > width : 0x00024220 (148000) > height : 0x00033450 (210000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00024220 (148000) > bottom : 0x00033450 (210000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A6 Rotated' > size: struct spoolss_FormSize > width : 0x00024220 (148000) > height : 0x00019a28 (105000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00024220 (148000) > bottom : 0x00019a28 (105000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'A6' > size: struct spoolss_FormSize > width : 0x00019a28 (105000) > height : 0x00024220 (148000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00019a28 (105000) > bottom : 0x00024220 (148000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B4 (ISO)' > size: struct spoolss_FormSize > width : 0x0003d090 (250000) > height : 0x000562e8 (353000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003d090 (250000) > bottom : 0x000562e8 (353000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B4 (JIS) Rotated' > size: struct spoolss_FormSize > width : 0x00058de0 (364000) > height : 0x0003ebe8 (257000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00058de0 (364000) > bottom : 0x0003ebe8 (257000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B4 (JIS)' > size: struct spoolss_FormSize > width : 0x0003ebe8 (257000) > height : 0x00058de0 (364000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003ebe8 (257000) > bottom : 0x00058de0 (364000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B5 (ISO) Extra' > size: struct spoolss_FormSize > width : 0x00031128 (201000) > height : 0x00043620 (276000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00031128 (201000) > bottom : 0x00043620 (276000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B5 (JIS) Rotated' > size: struct spoolss_FormSize > width : 0x0003ebe8 (257000) > height : 0x0002c6f0 (182000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003ebe8 (257000) > bottom : 0x0002c6f0 (182000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B5 (JIS) Transverse' > size: struct spoolss_FormSize > width : 0x0002c6f0 (182000) > height : 0x0003ebe8 (257000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002c6f0 (182000) > bottom : 0x0003ebe8 (257000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B5 (JIS)' > size: struct spoolss_FormSize > width : 0x0002c6f0 (182000) > height : 0x0003ebe8 (257000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002c6f0 (182000) > bottom : 0x0003ebe8 (257000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B6 (JIS) Rotated' > size: struct spoolss_FormSize > width : 0x0002c6f0 (182000) > height : 0x0001f400 (128000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002c6f0 (182000) > bottom : 0x0001f400 (128000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'B6 (JIS)' > size: struct spoolss_FormSize > width : 0x0001f400 (128000) > height : 0x0002c6f0 (182000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001f400 (128000) > bottom : 0x0002c6f0 (182000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'C size sheet' > size: struct spoolss_FormSize > width : 0x000696b8 (431800) > height : 0x000886d0 (558800) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000696b8 (431800) > bottom : 0x000886d0 (558800) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'D size sheet' > size: struct spoolss_FormSize > width : 0x000886d0 (558800) > height : 0x000d2d70 (863600) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000886d0 (558800) > bottom : 0x000d2d70 (863600) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Double Japan Postcard Rotated' > size: struct spoolss_FormSize > width : 0x00024220 (148000) > height : 0x00030d40 (200000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00024220 (148000) > bottom : 0x00030d40 (200000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'E size sheet' > size: struct spoolss_FormSize > width : 0x000d2d70 (863600) > height : 0x00110da0 (1117600) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000d2d70 (863600) > bottom : 0x00110da0 (1117600) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope #10' > size: struct spoolss_FormSize > width : 0x00019947 (104775) > height : 0x0003ae94 (241300) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00019947 (104775) > bottom : 0x0003ae94 (241300) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope #11' > size: struct spoolss_FormSize > width : 0x0001be7c (114300) > height : 0x00040565 (263525) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001be7c (114300) > bottom : 0x00040565 (263525) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope #12' > size: struct spoolss_FormSize > width : 0x0001d74a (120650) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001d74a (120650) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope #14' > size: struct spoolss_FormSize > width : 0x0001f018 (127000) > height : 0x00047504 (292100) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001f018 (127000) > bottom : 0x00047504 (292100) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope #9' > size: struct spoolss_FormSize > width : 0x00018079 (98425) > height : 0x00037091 (225425) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00018079 (98425) > bottom : 0x00037091 (225425) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope B4' > size: struct spoolss_FormSize > width : 0x0003d090 (250000) > height : 0x000562e8 (353000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003d090 (250000) > bottom : 0x000562e8 (353000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope B5' > size: struct spoolss_FormSize > width : 0x0002af80 (176000) > height : 0x0003d090 (250000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002af80 (176000) > bottom : 0x0003d090 (250000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope B6' > size: struct spoolss_FormSize > width : 0x0002af80 (176000) > height : 0x0001e848 (125000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002af80 (176000) > bottom : 0x0001e848 (125000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope C3' > size: struct spoolss_FormSize > width : 0x0004f1a0 (324000) > height : 0x0006fd10 (458000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004f1a0 (324000) > bottom : 0x0006fd10 (458000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope C4' > size: struct spoolss_FormSize > width : 0x00037e88 (229000) > height : 0x0004f1a0 (324000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00037e88 (229000) > bottom : 0x0004f1a0 (324000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope C5' > size: struct spoolss_FormSize > width : 0x000278d0 (162000) > height : 0x00037e88 (229000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000278d0 (162000) > bottom : 0x00037e88 (229000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope C6' > size: struct spoolss_FormSize > width : 0x0001bd50 (114000) > height : 0x000278d0 (162000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001bd50 (114000) > bottom : 0x000278d0 (162000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope C65' > size: struct spoolss_FormSize > width : 0x0001bd50 (114000) > height : 0x00037e88 (229000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001bd50 (114000) > bottom : 0x00037e88 (229000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope DL' > size: struct spoolss_FormSize > width : 0x0001adb0 (110000) > height : 0x00035b60 (220000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001adb0 (110000) > bottom : 0x00035b60 (220000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope Invite' > size: struct spoolss_FormSize > width : 0x00035b60 (220000) > height : 0x00035b60 (220000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00035b60 (220000) > bottom : 0x00035b60 (220000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope Monarch' > size: struct spoolss_FormSize > width : 0x00018079 (98425) > height : 0x0002e824 (190500) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00018079 (98425) > bottom : 0x0002e824 (190500) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Envelope' > size: struct spoolss_FormSize > width : 0x0001adb0 (110000) > height : 0x00038270 (230000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001adb0 (110000) > bottom : 0x00038270 (230000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Executive' > size: struct spoolss_FormSize > width : 0x0002cf56 (184150) > height : 0x000411cc (266700) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002cf56 (184150) > bottom : 0x000411cc (266700) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Folio' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x000509d8 (330200) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x000509d8 (330200) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'German Legal Fanfold' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x000509d8 (330200) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x000509d8 (330200) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'German Std Fanfold' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x0004a6a0 (304800) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x0004a6a0 (304800) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japan Envelope Chou #3 Rotated' > size: struct spoolss_FormSize > width : 0x000395f8 (235000) > height : 0x0001d4c0 (120000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000395f8 (235000) > bottom : 0x0001d4c0 (120000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japan Envelope Chou #4 Rotated' > size: struct spoolss_FormSize > width : 0x000320c8 (205000) > height : 0x00015f90 (90000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000320c8 (205000) > bottom : 0x00015f90 (90000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japan Envelope Kaku #2 Rotated' > size: struct spoolss_FormSize > width : 0x000510e0 (332000) > height : 0x0003a980 (240000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000510e0 (332000) > bottom : 0x0003a980 (240000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japan Envelope Kaku #3 Rotated' > size: struct spoolss_FormSize > width : 0x00043a08 (277000) > height : 0x00034bc0 (216000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00043a08 (277000) > bottom : 0x00034bc0 (216000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japan Envelope You #4 Rotated' > size: struct spoolss_FormSize > width : 0x000395f8 (235000) > height : 0x00019a28 (105000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000395f8 (235000) > bottom : 0x00019a28 (105000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japan Envelope You #4' > size: struct spoolss_FormSize > width : 0x00019a28 (105000) > height : 0x000395f8 (235000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00019a28 (105000) > bottom : 0x000395f8 (235000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japanese Double Postcard' > size: struct spoolss_FormSize > width : 0x00030d40 (200000) > height : 0x00024220 (148000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00030d40 (200000) > bottom : 0x00024220 (148000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japanese Envelope Chou #3' > size: struct spoolss_FormSize > width : 0x0001d4c0 (120000) > height : 0x000395f8 (235000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001d4c0 (120000) > bottom : 0x000395f8 (235000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japanese Envelope Chou #4' > size: struct spoolss_FormSize > width : 0x00015f90 (90000) > height : 0x000320c8 (205000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00015f90 (90000) > bottom : 0x000320c8 (205000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japanese Envelope Kaku #2' > size: struct spoolss_FormSize > width : 0x0003a980 (240000) > height : 0x000510e0 (332000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003a980 (240000) > bottom : 0x000510e0 (332000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japanese Envelope Kaku #3' > size: struct spoolss_FormSize > width : 0x00034bc0 (216000) > height : 0x00043a08 (277000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034bc0 (216000) > bottom : 0x00043a08 (277000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japanese Postcard Rotated' > size: struct spoolss_FormSize > width : 0x00024220 (148000) > height : 0x000186a0 (100000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00024220 (148000) > bottom : 0x000186a0 (100000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Japanese Postcard' > size: struct spoolss_FormSize > width : 0x000186a0 (100000) > height : 0x00024220 (148000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000186a0 (100000) > bottom : 0x00024220 (148000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Ledger' > size: struct spoolss_FormSize > width : 0x000696b8 (431800) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000696b8 (431800) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Legal Extra' > size: struct spoolss_FormSize > width : 0x0003ae94 (241300) > height : 0x0005d048 (381000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003ae94 (241300) > bottom : 0x0005d048 (381000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Legal' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x00056d10 (355600) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x00056d10 (355600) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Letter Extra Transverse' > size: struct spoolss_FormSize > width : 0x0003ae94 (241300) > height : 0x0004a6a0 (304800) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003ae94 (241300) > bottom : 0x0004a6a0 (304800) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Letter Extra' > size: struct spoolss_FormSize > width : 0x0003ae94 (241300) > height : 0x0004a6a0 (304800) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003ae94 (241300) > bottom : 0x0004a6a0 (304800) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Letter Plus' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x0004eb16 (322326) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x0004eb16 (322326) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Letter Rotated' > size: struct spoolss_FormSize > width : 0x00044368 (279400) > height : 0x00034b5c (215900) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00044368 (279400) > bottom : 0x00034b5c (215900) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Letter Small' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Letter Transverse' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Letter' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Note' > size: struct spoolss_FormSize > width : 0x00034b5c (215900) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00034b5c (215900) > bottom : 0x00044368 (279400) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC 16K Rotated' > size: struct spoolss_FormSize > width : 0x0003f7a0 (260000) > height : 0x0002de60 (188000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0003f7a0 (260000) > bottom : 0x0002de60 (188000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC 16K' > size: struct spoolss_FormSize > width : 0x0002de60 (188000) > height : 0x0003f7a0 (260000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002de60 (188000) > bottom : 0x0003f7a0 (260000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC 32K Rotated' > size: struct spoolss_FormSize > width : 0x0002cec0 (184000) > height : 0x0001fbd0 (130000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002cec0 (184000) > bottom : 0x0001fbd0 (130000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC 32K' > size: struct spoolss_FormSize > width : 0x0001fbd0 (130000) > height : 0x0002cec0 (184000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001fbd0 (130000) > bottom : 0x0002cec0 (184000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC 32K(Big) Rotated' > size: struct spoolss_FormSize > width : 0x000318f8 (203000) > height : 0x000222e0 (140000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000318f8 (203000) > bottom : 0x000222e0 (140000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC 32K(Big)' > size: struct spoolss_FormSize > width : 0x000222e0 (140000) > height : 0x000318f8 (203000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000222e0 (140000) > bottom : 0x000318f8 (203000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #1 Rotated' > size: struct spoolss_FormSize > width : 0x00028488 (165000) > height : 0x00018e70 (102000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00028488 (165000) > bottom : 0x00018e70 (102000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #1' > size: struct spoolss_FormSize > width : 0x00018e70 (102000) > height : 0x00028488 (165000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00018e70 (102000) > bottom : 0x00028488 (165000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #10 Rotated' > size: struct spoolss_FormSize > width : 0x0006fd10 (458000) > height : 0x0004f1a0 (324000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0006fd10 (458000) > bottom : 0x0004f1a0 (324000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #10' > size: struct spoolss_FormSize > width : 0x0004f1a0 (324000) > height : 0x0006fd10 (458000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004f1a0 (324000) > bottom : 0x0006fd10 (458000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #2 Rotated' > size: struct spoolss_FormSize > width : 0x0002af80 (176000) > height : 0x00018e70 (102000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002af80 (176000) > bottom : 0x00018e70 (102000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #2' > size: struct spoolss_FormSize > width : 0x00018e70 (102000) > height : 0x0002af80 (176000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00018e70 (102000) > bottom : 0x0002af80 (176000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #3 Rotated' > size: struct spoolss_FormSize > width : 0x0002af80 (176000) > height : 0x0001e848 (125000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0002af80 (176000) > bottom : 0x0001e848 (125000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #3' > size: struct spoolss_FormSize > width : 0x0001e848 (125000) > height : 0x0002af80 (176000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001e848 (125000) > bottom : 0x0002af80 (176000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #4 Rotated' > size: struct spoolss_FormSize > width : 0x00032c80 (208000) > height : 0x0001adb0 (110000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00032c80 (208000) > bottom : 0x0001adb0 (110000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #4' > size: struct spoolss_FormSize > width : 0x0001adb0 (110000) > height : 0x00032c80 (208000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001adb0 (110000) > bottom : 0x00032c80 (208000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #5 Rotated' > size: struct spoolss_FormSize > width : 0x00035b60 (220000) > height : 0x0001adb0 (110000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00035b60 (220000) > bottom : 0x0001adb0 (110000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #5' > size: struct spoolss_FormSize > width : 0x0001adb0 (110000) > height : 0x00035b60 (220000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001adb0 (110000) > bottom : 0x00035b60 (220000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #6 Rotated' > size: struct spoolss_FormSize > width : 0x00038270 (230000) > height : 0x0001d4c0 (120000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00038270 (230000) > bottom : 0x0001d4c0 (120000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #6' > size: struct spoolss_FormSize > width : 0x0001d4c0 (120000) > height : 0x00038270 (230000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001d4c0 (120000) > bottom : 0x00038270 (230000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #7 Rotated' > size: struct spoolss_FormSize > width : 0x00038270 (230000) > height : 0x00027100 (160000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00038270 (230000) > bottom : 0x00027100 (160000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #7' > size: struct spoolss_FormSize > width : 0x00027100 (160000) > height : 0x00038270 (230000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00027100 (160000) > bottom : 0x00038270 (230000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #8 Rotated' > size: struct spoolss_FormSize > width : 0x0004b708 (309000) > height : 0x0001d4c0 (120000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004b708 (309000) > bottom : 0x0001d4c0 (120000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #8' > size: struct spoolss_FormSize > width : 0x0001d4c0 (120000) > height : 0x0004b708 (309000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0001d4c0 (120000) > bottom : 0x0004b708 (309000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #9 Rotated' > size: struct spoolss_FormSize > width : 0x0004f1a0 (324000) > height : 0x00037e88 (229000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004f1a0 (324000) > bottom : 0x00037e88 (229000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'PRC Envelope #9' > size: struct spoolss_FormSize > width : 0x00037e88 (229000) > height : 0x0004f1a0 (324000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00037e88 (229000) > bottom : 0x0004f1a0 (324000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Quarto' > size: struct spoolss_FormSize > width : 0x000347d8 (215000) > height : 0x00043238 (275000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000347d8 (215000) > bottom : 0x00043238 (275000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Reserved48' > size: struct spoolss_FormSize > width : 0x00000001 (1) > height : 0x00000001 (1) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00000001 (1) > bottom : 0x00000001 (1) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Reserved49' > size: struct spoolss_FormSize > width : 0x00000001 (1) > height : 0x00000001 (1) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00000001 (1) > bottom : 0x00000001 (1) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Statement' > size: struct spoolss_FormSize > width : 0x000221b4 (139700) > height : 0x00034b5c (215900) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000221b4 (139700) > bottom : 0x00034b5c (215900) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Super A' > size: struct spoolss_FormSize > width : 0x000376b8 (227000) > height : 0x00056ea0 (356000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x000376b8 (227000) > bottom : 0x00056ea0 (356000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Super B' > size: struct spoolss_FormSize > width : 0x0004a768 (305000) > height : 0x00076e58 (487000) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004a768 (305000) > bottom : 0x00076e58 (487000) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Tabloid Extra' > size: struct spoolss_FormSize > width : 0x0004a6a0 (304800) > height : 0x0006f9f0 (457200) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0004a6a0 (304800) > bottom : 0x0006f9f0 (457200) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'Tabloid' > size: struct spoolss_FormSize > width : 0x00044368 (279400) > height : 0x000696b8 (431800) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x00044368 (279400) > bottom : 0x000696b8 (431800) > info : union spoolss_FormInfo(case 1) > info1: struct spoolss_FormInfo1 > flags : SPOOLSS_FORM_BUILTIN (1) > form_name : * > form_name : 'US Std Fanfold' > size: struct spoolss_FormSize > width : 0x0005c3e1 (377825) > height : 0x00044368 (279400) > area: struct spoolss_FormArea > left : 0x00000000 (0) > top : 0x00000000 (0) > right : 0x0005c3e1 (377825) > bottom : 0x00044368 (279400) > needed : * > needed : 0x00001de0 (7648) > result : WERR_OK >[2012/08/30 15:27:54.499533, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:54.499618, 10] rpc_server/srv_pipe.c:1684(api_rpcTNP) > api_rpcTNP: rpc input buffer underflow (parse error?) >[2012/08/30 15:27:54.499774, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [07F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [08F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [09F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [10F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [11F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [12F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [13F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [14F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [15F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [16F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1720] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1730] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1740] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1750] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1760] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1770] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1780] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1790] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [17F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1800] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1810] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1820] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1830] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1840] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1850] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1860] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1870] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1880] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1890] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [18F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1900] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1910] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1920] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1930] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1940] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1950] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1960] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1970] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1980] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1990] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [19F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1A90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1AF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1B90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1BF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1C90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1CF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1D90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1DF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1E90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1ED0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1EF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F00] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [20F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [2120] 00 00 00 00 58 25 00 00 ....X%.. >[2012/08/30 15:27:54.539184, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 1092 >[2012/08/30 15:27:54.539341, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:54.539466, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 9580. >[2012/08/30 15:27:54.539620, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x01 (1) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x10b8 (4280) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000256c (9580) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4256 > [0000] 04 00 02 00 58 25 00 00 01 00 00 00 4C 25 00 00 ....X%.. ....L%.. > [0010] 30 E0 03 00 68 43 04 00 00 00 00 00 00 00 00 00 0...hC.. ........ > [0020] 30 E0 03 00 68 43 04 00 01 00 00 00 20 25 00 00 0...hC.. .... %.. > [0030] 30 E0 03 00 10 6D 05 00 00 00 00 00 00 00 00 00 0....m.. ........ > [0040] 30 E0 03 00 10 6D 05 00 01 00 00 00 F4 24 00 00 0....m.. .....$.. > [0050] 68 43 04 00 B8 96 06 00 00 00 00 00 00 00 00 00 hC...... ........ > [0060] 68 43 04 00 B8 96 06 00 01 00 00 00 C8 24 00 00 hC...... .....$.. > [0070] 24 A7 04 00 E1 43 04 00 00 00 00 00 00 00 00 00 $....C.. ........ > [0080] 24 A7 04 00 E1 43 04 00 01 00 00 00 9C 24 00 00 $....C.. .....$.. > [0090] 48 D0 05 00 68 43 04 00 00 00 00 00 00 00 00 00 H...hC.. ........ > [00A0] 48 D0 05 00 68 43 04 00 01 00 00 00 5E 24 00 00 H...hC.. ....^$.. > [00B0] AB 67 01 00 EC 84 02 00 00 00 00 00 00 00 00 00 .g...... ........ > [00C0] AB 67 01 00 EC 84 02 00 01 00 00 00 34 24 00 00 .g...... ....4$.. > [00D0] F8 7C 03 00 68 43 04 00 00 00 00 00 00 00 00 00 .|..hC.. ........ > [00E0] F8 7C 03 00 68 43 04 00 01 00 00 00 0E 24 00 00 .|..hC.. .....$.. > [00F0] 28 D5 0C 00 88 24 12 00 00 00 00 00 00 00 00 00 (....$.. ........ > [0100] 28 D5 0C 00 88 24 12 00 01 00 00 00 E8 23 00 00 (....$.. .....#.. > [0110] 50 10 09 00 28 D5 0C 00 00 00 00 00 00 00 00 00 P...(... ........ > [0120] 50 10 09 00 28 D5 0C 00 01 00 00 00 C2 23 00 00 P...(... .....#.. > [0130] A0 68 06 00 50 10 09 00 00 00 00 00 00 00 00 00 .h..P... ........ > [0140] A0 68 06 00 50 10 09 00 01 00 00 00 7A 23 00 00 .h..P... ....z#.. > [0150] D0 E9 04 00 48 CA 06 00 00 00 00 00 00 00 00 00 ....H... ........ > [0160] D0 E9 04 00 48 CA 06 00 01 00 00 00 48 23 00 00 ....H... ....H#.. > [0170] D0 E9 04 00 48 CA 06 00 00 00 00 00 00 00 00 00 ....H... ........ > [0180] D0 E9 04 00 48 CA 06 00 01 00 00 00 12 23 00 00 ....H... .....#.. > [0190] A0 68 06 00 28 88 04 00 00 00 00 00 00 00 00 00 .h..(... ........ > [01A0] A0 68 06 00 28 88 04 00 01 00 00 00 D6 22 00 00 .h..(... .....".. > [01B0] 28 88 04 00 A0 68 06 00 00 00 00 00 00 00 00 00 (....h.. ........ > [01C0] 28 88 04 00 A0 68 06 00 01 00 00 00 B0 22 00 00 (....h.. .....".. > [01D0] 28 88 04 00 A0 68 06 00 00 00 00 00 00 00 00 00 (....h.. ........ > [01E0] 28 88 04 00 A0 68 06 00 01 00 00 00 7E 22 00 00 (....h.. ....~".. > [01F0] C2 97 03 00 16 EB 04 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] C2 97 03 00 16 EB 04 00 01 00 00 00 4E 22 00 00 ........ ....N".. > [0210] 50 34 03 00 10 09 05 00 00 00 00 00 00 00 00 00 P4...... ........ > [0220] 50 34 03 00 10 09 05 00 01 00 00 00 18 22 00 00 P4...... .....".. > [0230] 28 88 04 00 50 34 03 00 00 00 00 00 00 00 00 00 (...P4.. ........ > [0240] 28 88 04 00 50 34 03 00 01 00 00 00 E6 21 00 00 (...P4.. .....!.. > [0250] 50 34 03 00 28 88 04 00 00 00 00 00 00 00 00 00 P4..(... ........ > [0260] 50 34 03 00 28 88 04 00 01 00 00 00 AA 21 00 00 P4..(... .....!.. > [0270] 50 34 03 00 28 88 04 00 00 00 00 00 00 00 00 00 P4..(... ........ > [0280] 50 34 03 00 28 88 04 00 01 00 00 00 84 21 00 00 P4..(... .....!.. > [0290] 50 34 03 00 28 88 04 00 00 00 00 00 00 00 00 00 P4..(... ........ > [02A0] 50 34 03 00 28 88 04 00 01 00 00 00 52 21 00 00 P4..(... ....R!.. > [02B0] B0 A7 02 00 F8 95 03 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] B0 A7 02 00 F8 95 03 00 01 00 00 00 1C 21 00 00 ........ .....!.. > [02D0] 50 34 03 00 20 42 02 00 00 00 00 00 00 00 00 00 P4.. B.. ........ > [02E0] 50 34 03 00 20 42 02 00 01 00 00 00 E0 20 00 00 P4.. B.. ..... .. > [02F0] 20 42 02 00 50 34 03 00 00 00 00 00 00 00 00 00 B..P4.. ........ > [0300] 20 42 02 00 50 34 03 00 01 00 00 00 BA 20 00 00 B..P4.. ..... .. > [0310] 20 42 02 00 50 34 03 00 00 00 00 00 00 00 00 00 B..P4.. ........ > [0320] 20 42 02 00 50 34 03 00 01 00 00 00 84 20 00 00 B..P4.. ..... .. > [0330] 20 42 02 00 28 9A 01 00 00 00 00 00 00 00 00 00 B..(... ........ > [0340] 20 42 02 00 28 9A 01 00 01 00 00 00 5E 20 00 00 B..(... ....^ .. > [0350] 28 9A 01 00 20 42 02 00 00 00 00 00 00 00 00 00 (... B.. ........ > [0360] 28 9A 01 00 20 42 02 00 01 00 00 00 2C 20 00 00 (... B.. ...., .. > [0370] 90 D0 03 00 E8 62 05 00 00 00 00 00 00 00 00 00 .....b.. ........ > [0380] 90 D0 03 00 E8 62 05 00 01 00 00 00 EA 1F 00 00 .....b.. ........ > [0390] E0 8D 05 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] E0 8D 05 00 E8 EB 03 00 01 00 00 00 B8 1F 00 00 ........ ........ > [03B0] E8 EB 03 00 E0 8D 05 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] E8 EB 03 00 E0 8D 05 00 01 00 00 00 7A 1F 00 00 ........ ....z... > [03D0] 28 11 03 00 20 36 04 00 00 00 00 00 00 00 00 00 (... 6.. ........ > [03E0] 28 11 03 00 20 36 04 00 01 00 00 00 38 1F 00 00 (... 6.. ....8... > [03F0] E8 EB 03 00 F0 C6 02 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] E8 EB 03 00 F0 C6 02 00 01 00 00 00 F0 1E 00 00 ........ ........ > [0410] F0 C6 02 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] F0 C6 02 00 E8 EB 03 00 01 00 00 00 BE 1E 00 00 ........ ........ > [0430] F0 C6 02 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] F0 C6 02 00 E8 EB 03 00 01 00 00 00 7C 1E 00 00 ........ ....|... > [0450] F0 C6 02 00 00 F4 01 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] F0 C6 02 00 00 F4 01 00 01 00 00 00 4A 1E 00 00 ........ ....J... > [0470] 00 F4 01 00 F0 C6 02 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 F4 01 00 F0 C6 02 00 01 00 00 00 10 1E 00 00 ........ ........ > [0490] B8 96 06 00 D0 86 08 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] B8 96 06 00 D0 86 08 00 01 00 00 00 D6 1D 00 00 ........ ........ > [04B0] D0 86 08 00 70 2D 0D 00 00 00 00 00 00 00 00 00 ....p-.. ........ > [04C0] D0 86 08 00 70 2D 0D 00 01 00 00 00 7A 1D 00 00 ....p-.. ....z... > [04D0] 20 42 02 00 40 0D 03 00 00 00 00 00 00 00 00 00 B..@... ........ > [04E0] 20 42 02 00 40 0D 03 00 01 00 00 00 40 1D 00 00 B..@... ....@... > [04F0] 70 2D 0D 00 A0 0D 11 00 00 00 00 00 00 00 00 00 p-...... ........ > [0500] 70 2D 0D 00 A0 0D 11 00 01 00 00 00 06 1D 00 00 p-...... ........ > [0510] 47 99 01 00 94 AE 03 00 00 00 00 00 00 00 00 00 G....... ........ > [0520] 47 99 01 00 94 AE 03 00 01 00 00 00 CC 1C 00 00 G....... ........ > [0530] 7C BE 01 00 65 05 04 00 00 00 00 00 00 00 00 00 |...e... ........ > [0540] 7C BE 01 00 65 05 04 00 01 00 00 00 92 1C 00 00 |...e... ........ > [0550] 4A D7 01 00 68 43 04 00 00 00 00 00 00 00 00 00 J...hC.. ........ > [0560] 4A D7 01 00 68 43 04 00 01 00 00 00 58 1C 00 00 J...hC.. ....X... > [0570] 18 F0 01 00 04 75 04 00 00 00 00 00 00 00 00 00 .....u.. ........ > [0580] 18 F0 01 00 04 75 04 00 01 00 00 00 20 1C 00 00 .....u.. .... ... > [0590] 79 80 01 00 91 70 03 00 00 00 00 00 00 00 00 00 y....p.. ........ > [05A0] 79 80 01 00 91 70 03 00 01 00 00 00 E8 1B 00 00 y....p.. ........ > [05B0] 90 D0 03 00 E8 62 05 00 00 00 00 00 00 00 00 00 .....b.. ........ > [05C0] 90 D0 03 00 E8 62 05 00 01 00 00 00 B0 1B 00 00 .....b.. ........ > [05D0] 80 AF 02 00 90 D0 03 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 80 AF 02 00 90 D0 03 00 01 00 00 00 78 1B 00 00 ........ ....x... > [05F0] 80 AF 02 00 48 E8 01 00 00 00 00 00 00 00 00 00 ....H... ........ > [0600] 80 AF 02 00 48 E8 01 00 01 00 00 00 40 1B 00 00 ....H... ....@... > [0610] A0 F1 04 00 10 FD 06 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] A0 F1 04 00 10 FD 06 00 01 00 00 00 08 1B 00 00 ........ ........ > [0630] 88 7E 03 00 A0 F1 04 00 00 00 00 00 00 00 00 00 .~...... ........ > [0640] 88 7E 03 00 A0 F1 04 00 01 00 00 00 D0 1A 00 00 .~...... ........ > [0650] D0 78 02 00 88 7E 03 00 00 00 00 00 00 00 00 00 .x...~.. ........ > [0660] D0 78 02 00 88 7E 03 00 01 00 00 00 98 1A 00 00 .x...~.. ........ > [0670] 50 BD 01 00 D0 78 02 00 00 00 00 00 00 00 00 00 P....x.. ........ > [0680] 50 BD 01 00 D0 78 02 00 01 00 00 00 5E 1A 00 00 P....x.. ....^... > [0690] 50 BD 01 00 88 7E 03 00 00 00 00 00 00 00 00 00 P....~.. ........ > [06A0] 50 BD 01 00 88 7E 03 00 01 00 00 00 26 1A 00 00 P....~.. ....&... > [06B0] B0 AD 01 00 60 5B 03 00 00 00 00 00 00 00 00 00 ....`[.. ........ > [06C0] B0 AD 01 00 60 5B 03 00 01 00 00 00 E6 19 00 00 ....`[.. ........ > [06D0] 60 5B 03 00 60 5B 03 00 00 00 00 00 00 00 00 00 `[..`[.. ........ > [06E0] 60 5B 03 00 60 5B 03 00 01 00 00 00 A4 19 00 00 `[..`[.. ........ > [06F0] 79 80 01 00 24 E8 02 00 00 00 00 00 00 00 00 00 y...$... ........ > [0700] 79 80 01 00 24 E8 02 00 01 00 00 00 72 19 00 00 y...$... ....r... > [0710] B0 AD 01 00 70 82 03 00 00 00 00 00 00 00 00 00 ....p... ........ > [0720] B0 AD 01 00 70 82 03 00 01 00 00 00 3E 19 00 00 ....p... ....>... > [0730] 56 CF 02 00 CC 11 04 00 00 00 00 00 00 00 00 00 V....... ........ > [0740] 56 CF 02 00 CC 11 04 00 01 00 00 00 12 19 00 00 V....... ........ > [0750] 5C 4B 03 00 D8 09 05 00 00 00 00 00 00 00 00 00 \K...... ........ > [0760] 5C 4B 03 00 D8 09 05 00 01 00 00 00 C8 18 00 00 \K...... ........ > [0770] 5C 4B 03 00 D8 09 05 00 00 00 00 00 00 00 00 00 \K...... ........ > [0780] 5C 4B 03 00 D8 09 05 00 01 00 00 00 82 18 00 00 \K...... ........ > [0790] 5C 4B 03 00 A0 A6 04 00 00 00 00 00 00 00 00 00 \K...... ........ > [07A0] 5C 4B 03 00 A0 A6 04 00 01 00 00 00 24 18 00 00 \K...... ....$... > [07B0] F8 95 03 00 C0 D4 01 00 00 00 00 00 00 00 00 00 ........ ........ > [07C0] F8 95 03 00 C0 D4 01 00 01 00 00 00 C6 17 00 00 ........ ........ > [07D0] C8 20 03 00 90 5F 01 00 00 00 00 00 00 00 00 00 . ..._.. ........ > [07E0] C8 20 03 00 90 5F 01 00 01 00 00 00 68 17 00 00 . ..._.. ....h... > [07F0] E0 10 05 00 80 A9 03 00 00 00 00 00 00 00 00 00 ........ ........ > [0800] E0 10 05 00 80 A9 03 00 01 00 00 00 0A 17 00 00 ........ ........ > [0810] 08 3A 04 00 C0 4B 03 00 00 00 00 00 00 00 00 00 .:...K.. ........ > [0820] 08 3A 04 00 C0 4B 03 00 01 00 00 00 AE 16 00 00 .:...K.. ........ > [0830] F8 95 03 00 28 9A 01 00 00 00 00 00 00 00 00 00 ....(... ........ > [0840] F8 95 03 00 28 9A 01 00 01 00 00 00 62 16 00 00 ....(... ....b... > [0850] 28 9A 01 00 F8 95 03 00 00 00 00 00 00 00 00 00 (....... ........ > [0860] 28 9A 01 00 F8 95 03 00 01 00 00 00 10 16 00 00 (....... ........ > [0870] 40 0D 03 00 20 42 02 00 00 00 00 00 00 00 00 00 @... B.. ........ > [0880] 40 0D 03 00 20 42 02 00 01 00 00 00 BC 15 00 00 @... B.. ........ > [0890] C0 D4 01 00 F8 95 03 00 00 00 00 00 00 00 00 00 ........ ........ > [08A0] C0 D4 01 00 F8 95 03 00 01 00 00 00 68 15 00 00 ........ ....h... > [08B0] 90 5F 01 00 C8 20 03 00 00 00 00 00 00 00 00 00 ._... .. ........ > [08C0] 90 5F 01 00 C8 20 03 00 01 00 00 00 14 15 00 00 ._... .. ........ > [08D0] 80 A9 03 00 E0 10 05 00 00 00 00 00 00 00 00 00 ........ ........ > [08E0] 80 A9 03 00 E0 10 05 00 01 00 00 00 C0 14 00 00 ........ ........ > [08F0] C0 4B 03 00 08 3A 04 00 00 00 00 00 00 00 00 00 .K...:.. ........ > [0900] C0 4B 03 00 08 3A 04 00 01 00 00 00 6C 14 00 00 .K...:.. ....l... > [0910] 20 42 02 00 A0 86 01 00 00 00 00 00 00 00 00 00 B...... ........ > [0920] 20 42 02 00 A0 86 01 00 01 00 00 00 28 14 00 00 B...... ....(... > [0930] A0 86 01 00 20 42 02 00 00 00 00 00 00 00 00 00 .... B.. ........ > [0940] A0 86 01 00 20 42 02 00 01 00 00 00 FA 13 00 00 .... B.. ........ > [0950] B8 96 06 00 68 43 04 00 00 00 00 00 00 00 00 00 ....hC.. ........ > [0960] B8 96 06 00 68 43 04 00 01 00 00 00 C2 13 00 00 ....hC.. ........ > [0970] 94 AE 03 00 48 D0 05 00 00 00 00 00 00 00 00 00 ....H... ........ > [0980] 94 AE 03 00 48 D0 05 00 01 00 00 00 96 13 00 00 ....H... ........ > [0990] 5C 4B 03 00 10 6D 05 00 00 00 00 00 00 00 00 00 \K...m.. ........ > [09A0] 5C 4B 03 00 10 6D 05 00 01 00 00 00 46 13 00 00 \K...m.. ....F... > [09B0] 94 AE 03 00 A0 A6 04 00 00 00 00 00 00 00 00 00 ........ ........ > [09C0] 94 AE 03 00 A0 A6 04 00 01 00 00 00 0C 13 00 00 ........ ........ > [09D0] 94 AE 03 00 A0 A6 04 00 00 00 00 00 00 00 00 00 ........ ........ > [09E0] 94 AE 03 00 A0 A6 04 00 01 00 00 00 D4 12 00 00 ........ ........ > [09F0] 5C 4B 03 00 16 EB 04 00 00 00 00 00 00 00 00 00 \K...... ........ > [0A00] 5C 4B 03 00 16 EB 04 00 01 00 00 00 96 12 00 00 \K...... ........ > [0A10] 68 43 04 00 5C 4B 03 00 00 00 00 00 00 00 00 00 hC..\K.. ........ > [0A20] 68 43 04 00 5C 4B 03 00 01 00 00 00 5C 12 00 00 hC..\K.. ....\... > [0A30] 5C 4B 03 00 68 43 04 00 00 00 00 00 00 00 00 00 \K..hC.. ........ > [0A40] 5C 4B 03 00 68 43 04 00 01 00 00 00 18 12 00 00 \K..hC.. ........ > [0A50] 5C 4B 03 00 68 43 04 00 00 00 00 00 00 00 00 00 \K..hC.. ........ > [0A60] 5C 4B 03 00 68 43 04 00 01 00 00 00 EA 11 00 00 \K..hC.. ........ > [0A70] 5C 4B 03 00 68 43 04 00 00 00 00 00 00 00 00 00 \K..hC.. ........ > [0A80] 5C 4B 03 00 68 43 04 00 01 00 00 00 C0 11 00 00 \K..hC.. ........ > [0A90] 5C 4B 03 00 68 43 04 00 00 00 00 00 00 00 00 00 \K..hC.. ........ > [0AA0] 5C 4B 03 00 68 43 04 00 01 00 00 00 80 11 00 00 \K..hC.. ........ > [0AB0] A0 F7 03 00 60 DE 02 00 00 00 00 00 00 00 00 00 ....`... ........ > [0AC0] A0 F7 03 00 60 DE 02 00 01 00 00 00 50 11 00 00 ....`... ....P... > [0AD0] 60 DE 02 00 A0 F7 03 00 00 00 00 00 00 00 00 00 `....... ........ > [0AE0] 60 DE 02 00 A0 F7 03 00 01 00 00 00 10 11 00 00 `....... ........ > [0AF0] C0 CE 02 00 D0 FB 01 00 00 00 00 00 00 00 00 00 ........ ........ > [0B00] C0 CE 02 00 D0 FB 01 00 01 00 00 00 E0 10 00 00 ........ ........ > [0B10] D0 FB 01 00 C0 CE 02 00 00 00 00 00 00 00 00 00 ........ ........ > [0B20] D0 FB 01 00 C0 CE 02 00 01 00 00 00 96 10 00 00 ........ ........ > [0B30] F8 18 03 00 E0 22 02 00 00 00 00 00 00 00 00 00 .....".. ........ > [0B40] F8 18 03 00 E0 22 02 00 01 00 00 00 5C 10 00 00 .....".. ....\... > [0B50] E0 22 02 00 F8 18 03 00 00 00 00 00 00 00 00 00 ."...... ........ > [0B60] E0 22 02 00 F8 18 03 00 01 00 00 00 0C 10 00 00 ."...... ........ > [0B70] 88 84 02 00 70 8E 01 00 00 00 00 00 00 00 00 00 ....p... ........ > [0B80] 88 84 02 00 70 8E 01 00 01 00 00 00 CC 0F 00 00 ....p... ........ > [0B90] 70 8E 01 00 88 84 02 00 00 00 00 00 00 00 00 00 p....... ........ > [0BA0] 70 8E 01 00 88 84 02 00 01 00 00 00 7A 0F 00 00 p....... ....z... > [0BB0] 10 FD 06 00 A0 F1 04 00 00 00 00 00 00 00 00 00 ........ ........ > [0BC0] 10 FD 06 00 A0 F1 04 00 01 00 00 00 38 0F 00 00 ........ ....8... > [0BD0] A0 F1 04 00 10 FD 06 00 00 00 00 00 00 00 00 00 ........ ........ > [0BE0] A0 F1 04 00 10 FD 06 00 01 00 00 00 E8 0E 00 00 ........ ........ > [0BF0] 80 AF 02 00 70 8E 01 00 00 00 00 00 00 00 00 00 ....p... ........ > [0C00] 80 AF 02 00 70 8E 01 00 01 00 00 00 A8 0E 00 00 ....p... ........ > [0C10] 70 8E 01 00 80 AF 02 00 00 00 00 00 00 00 00 00 p....... ........ > [0C20] 70 8E 01 00 80 AF 02 00 01 00 00 00 58 0E 00 00 p....... ....X... > [0C30] 80 AF 02 00 48 E8 01 00 00 00 00 00 00 00 00 00 ....H... ........ > [0C40] 80 AF 02 00 48 E8 01 00 01 00 00 00 18 0E 00 00 ....H... ........ > [0C50] 48 E8 01 00 80 AF 02 00 00 00 00 00 00 00 00 00 H....... ........ > [0C60] 48 E8 01 00 80 AF 02 00 01 00 00 00 C8 0D 00 00 H....... ........ > [0C70] 80 2C 03 00 B0 AD 01 00 00 00 00 00 00 00 00 00 .,...... ........ > [0C80] 80 2C 03 00 B0 AD 01 00 01 00 00 00 88 0D 00 00 .,...... ........ > [0C90] B0 AD 01 00 80 2C 03 00 00 00 00 00 00 00 00 00 .....,.. ........ > [0CA0] B0 AD 01 00 80 2C 03 00 01 00 00 00 38 0D 00 00 .....,.. ....8... > [0CB0] 60 5B 03 00 B0 AD 01 00 00 00 00 00 00 00 00 00 `[...... ........ > [0CC0] 60 5B 03 00 B0 AD 01 00 01 00 00 00 F8 0C 00 00 `[...... ........ > [0CD0] B0 AD 01 00 60 5B 03 00 00 00 00 00 00 00 00 00 ....`[.. ........ > [0CE0] B0 AD 01 00 60 5B 03 00 01 00 00 00 A8 0C 00 00 ....`[.. ........ > [0CF0] 70 82 03 00 C0 D4 01 00 00 00 00 00 00 00 00 00 p....... ........ > [0D00] 70 82 03 00 C0 D4 01 00 01 00 00 00 68 0C 00 00 p....... ....h... > [0D10] C0 D4 01 00 70 82 03 00 00 00 00 00 00 00 00 00 ....p... ........ > [0D20] C0 D4 01 00 70 82 03 00 01 00 00 00 18 0C 00 00 ....p... ........ > [0D30] 70 82 03 00 00 71 02 00 00 00 00 00 00 00 00 00 p....q.. ........ > [0D40] 70 82 03 00 00 71 02 00 01 00 00 00 D8 0B 00 00 p....q.. ........ > [0D50] 00 71 02 00 70 82 03 00 00 00 00 00 00 00 00 00 .q..p... ........ > [0D60] 00 71 02 00 70 82 03 00 01 00 00 00 88 0B 00 00 .q..p... ........ > [0D70] 08 B7 04 00 C0 D4 01 00 00 00 00 00 00 00 00 00 ........ ........ > [0D80] 08 B7 04 00 C0 D4 01 00 01 00 00 00 48 0B 00 00 ........ ....H... > [0D90] C0 D4 01 00 08 B7 04 00 00 00 00 00 00 00 00 00 ........ ........ > [0DA0] C0 D4 01 00 08 B7 04 00 01 00 00 00 F8 0A 00 00 ........ ........ > [0DB0] A0 F1 04 00 88 7E 03 00 00 00 00 00 00 00 00 00 .....~.. ........ > [0DC0] A0 F1 04 00 88 7E 03 00 01 00 00 00 B8 0A 00 00 .....~.. ........ > [0DD0] 88 7E 03 00 A0 F1 04 00 00 00 00 00 00 00 00 00 .~...... ........ > [0DE0] 88 7E 03 00 A0 F1 04 00 01 00 00 00 8A 0A 00 00 .~...... ........ > [0DF0] D8 47 03 00 38 32 04 00 00 00 00 00 00 00 00 00 .G..82.. ........ > [0E00] D8 47 03 00 38 32 04 00 01 00 00 00 54 0A 00 00 .G..82.. ....T... > [0E10] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E20] 01 00 00 00 01 00 00 00 01 00 00 00 1E 0A 00 00 ........ ........ > [0E30] 01 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0E40] 01 00 00 00 01 00 00 00 01 00 00 00 EA 09 00 00 ........ ........ > [0E50] B4 21 02 00 5C 4B 03 00 00 00 00 00 00 00 00 00 .!..\K.. ........ > [0E60] B4 21 02 00 5C 4B 03 00 01 00 00 00 BA 09 00 00 .!..\K.. ........ > [0E70] B8 76 03 00 A0 6E 05 00 00 00 00 00 00 00 00 00 .v...n.. ........ > [0E80] B8 76 03 00 A0 6E 05 00 01 00 00 00 8A 09 00 00 .v...n.. ........ > [0E90] 68 A7 04 00 58 6E 07 00 00 00 00 00 00 00 00 00 h...Xn.. ........ > [0EA0] 68 A7 04 00 58 6E 07 00 01 00 00 00 4E 09 00 00 h...Xn.. ....N... > [0EB0] A0 A6 04 00 F0 F9 06 00 00 00 00 00 00 00 00 00 ........ ........ > [0EC0] A0 A6 04 00 F0 F9 06 00 01 00 00 00 1E 09 00 00 ........ ........ > [0ED0] 68 43 04 00 B8 96 06 00 00 00 00 00 00 00 00 00 hC...... ........ > [0EE0] 68 43 04 00 B8 96 06 00 01 00 00 00 E0 08 00 00 hC...... ........ > [0EF0] E1 C3 05 00 68 43 04 00 00 00 00 00 00 00 00 00 ....hC.. ........ > [0F00] E1 C3 05 00 68 43 04 00 00 00 00 00 00 00 00 00 ....hC.. ........ > [0F10] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F20] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F30] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F40] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F50] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F60] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F70] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F80] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0F90] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FA0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FB0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FC0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FD0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FE0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0FF0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [1090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.562108, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:54.562246, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:54.562366, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:54.562485, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:54.562621, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.562683, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9280 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:54.564103, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 01 10 00 00 00 B8 10 00 00 05 00 00 ........ ........ > [0010] 00 6C 25 00 00 00 00 00 00 04 00 02 00 58 25 00 .l%..... .....X%. > [0020] 00 01 00 00 00 4C 25 00 00 30 E0 03 00 68 43 04 .....L%. .0...hC. > [0030] 00 00 00 00 00 00 00 00 00 30 E0 03 00 68 43 04 ........ .0...hC. > [0040] 00 01 00 00 00 20 25 00 00 30 E0 03 00 10 6D 05 ..... %. .0....m. > [0050] 00 00 00 00 00 00 00 00 00 30 E0 03 00 10 6D 05 ........ .0....m. > [0060] 00 01 00 00 00 F4 24 00 00 68 43 04 00 B8 96 06 ......$. .hC..... > [0070] 00 00 00 00 00 00 00 00 00 68 43 04 00 B8 96 06 ........ .hC..... > [0080] 00 01 00 00 00 C8 24 00 00 24 A7 04 00 E1 43 04 ......$. .$....C. > [0090] 00 00 00 00 00 00 00 00 00 24 A7 04 00 E1 43 04 ........ .$....C. > [00A0] 00 01 00 00 00 9C 24 00 00 48 D0 05 00 68 43 04 ......$. .H...hC. > [00B0] 00 00 00 00 00 00 00 00 00 48 D0 05 00 68 43 04 ........ .H...hC. > [00C0] 00 01 00 00 00 5E 24 00 00 AB 67 01 00 EC 84 02 .....^$. ..g..... > [00D0] 00 00 00 00 00 00 00 00 00 AB 67 01 00 EC 84 02 ........ ..g..... > [00E0] 00 01 00 00 00 34 24 00 00 F8 7C 03 00 68 43 04 .....4$. ..|..hC. > [00F0] 00 00 00 00 00 00 00 00 00 F8 7C 03 00 68 43 04 ........ ..|..hC. > [0100] 00 01 00 00 00 0E 24 00 00 28 D5 0C 00 88 24 12 ......$. .(....$. > [0110] 00 00 00 00 00 00 00 00 00 28 D5 0C 00 88 24 12 ........ .(....$. > [0120] 00 01 00 00 00 E8 23 00 00 50 10 09 00 28 D5 0C ......#. .P...(.. > [0130] 00 00 00 00 00 00 00 00 00 50 10 09 00 28 D5 0C ........ .P...(.. > [0140] 00 01 00 00 00 C2 23 00 00 A0 68 06 00 50 10 09 ......#. ..h..P.. > [0150] 00 00 00 00 00 00 00 00 00 A0 68 06 00 50 10 09 ........ ..h..P.. > [0160] 00 01 00 00 00 7A 23 00 00 D0 E9 04 00 48 CA 06 .....z#. .....H.. > [0170] 00 00 00 00 00 00 00 00 00 D0 E9 04 00 48 CA 06 ........ .....H.. > [0180] 00 01 00 00 00 48 23 00 00 D0 E9 04 00 48 CA 06 .....H#. .....H.. > [0190] 00 00 00 00 00 00 00 00 00 D0 E9 04 00 48 CA 06 ........ .....H.. > [01A0] 00 01 00 00 00 12 23 00 00 A0 68 06 00 28 88 04 ......#. ..h..(.. > [01B0] 00 00 00 00 00 00 00 00 00 A0 68 06 00 28 88 04 ........ ..h..(.. > [01C0] 00 01 00 00 00 D6 22 00 00 28 88 04 00 A0 68 06 ......". .(....h. > [01D0] 00 00 00 00 00 00 00 00 00 28 88 04 00 A0 68 06 ........ .(....h. > [01E0] 00 01 00 00 00 B0 22 00 00 28 88 04 00 A0 68 06 ......". .(....h. > [01F0] 00 00 00 00 00 00 00 00 00 28 88 04 00 A0 68 06 ........ .(....h. >[2012/08/30 15:27:54.568025, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:54.568192, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:54.568310, 3] smbd/process.c:1662(process_smb) > Transaction 67 of length 63 (0 toread) >[2012/08/30 15:27:54.568427, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.568488, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=9344 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17760 (0x4560) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 3256 (0xCB8) > smb_vwv[ 6]= 3256 (0xCB8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 3256 (0xCB8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:54.570529, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:54.570597, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.570716, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.570842, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 3256 >[2012/08/30 15:27:54.570963, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 4280, current_pdu_sent = 1024 returning 3256 bytes. >[2012/08/30 15:27:54.571122, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 3256 bytes. There is more data outstanding >[2012/08/30 15:27:54.571247, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=3256 max=3256 nread=3256 >[2012/08/30 15:27:54.572300, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:54.572446, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:54.572565, 3] smbd/process.c:1662(process_smb) > Transaction 68 of length 63 (0 toread) >[2012/08/30 15:27:54.572696, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.572780, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=9408 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17760 (0x4560) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:54.574273, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:54.574352, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.574478, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.574601, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/08/30 15:27:54.574739, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 4256, p->out_data.rdata.length = 9580. >[2012/08/30 15:27:54.574871, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x00 (0) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x10b8 (4280) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000014cc (5324) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=4256 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0700] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0710] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0720] 00 00 00 00 00 00 00 00 55 00 53 00 20 00 53 00 ........ U.S. .S. > [0730] 74 00 64 00 20 00 46 00 61 00 6E 00 66 00 6F 00 t.d. .F. a.n.f.o. > [0740] 6C 00 64 00 00 00 54 00 61 00 62 00 6C 00 6F 00 l.d...T. a.b.l.o. > [0750] 69 00 64 00 00 00 54 00 61 00 62 00 6C 00 6F 00 i.d...T. a.b.l.o. > [0760] 69 00 64 00 20 00 45 00 78 00 74 00 72 00 61 00 i.d. .E. x.t.r.a. > [0770] 00 00 53 00 75 00 70 00 65 00 72 00 20 00 42 00 ..S.u.p. e.r. .B. > [0780] 00 00 53 00 75 00 70 00 65 00 72 00 20 00 41 00 ..S.u.p. e.r. .A. > [0790] 00 00 53 00 74 00 61 00 74 00 65 00 6D 00 65 00 ..S.t.a. t.e.m.e. > [07A0] 6E 00 74 00 00 00 52 00 65 00 73 00 65 00 72 00 n.t...R. e.s.e.r. > [07B0] 76 00 65 00 64 00 34 00 39 00 00 00 52 00 65 00 v.e.d.4. 9...R.e. > [07C0] 73 00 65 00 72 00 76 00 65 00 64 00 34 00 38 00 s.e.r.v. e.d.4.8. > [07D0] 00 00 51 00 75 00 61 00 72 00 74 00 6F 00 00 00 ..Q.u.a. r.t.o... > [07E0] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [07F0] 6C 00 6F 00 70 00 65 00 20 00 23 00 39 00 00 00 l.o.p.e. .#.9... > [0800] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0810] 6C 00 6F 00 70 00 65 00 20 00 23 00 39 00 20 00 l.o.p.e. .#.9. . > [0820] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0830] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0840] 6C 00 6F 00 70 00 65 00 20 00 23 00 38 00 00 00 l.o.p.e. .#.8... > [0850] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0860] 6C 00 6F 00 70 00 65 00 20 00 23 00 38 00 20 00 l.o.p.e. .#.8. . > [0870] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0880] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0890] 6C 00 6F 00 70 00 65 00 20 00 23 00 37 00 00 00 l.o.p.e. .#.7... > [08A0] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [08B0] 6C 00 6F 00 70 00 65 00 20 00 23 00 37 00 20 00 l.o.p.e. .#.7. . > [08C0] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [08D0] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [08E0] 6C 00 6F 00 70 00 65 00 20 00 23 00 36 00 00 00 l.o.p.e. .#.6... > [08F0] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0900] 6C 00 6F 00 70 00 65 00 20 00 23 00 36 00 20 00 l.o.p.e. .#.6. . > [0910] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0920] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0930] 6C 00 6F 00 70 00 65 00 20 00 23 00 35 00 00 00 l.o.p.e. .#.5... > [0940] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0950] 6C 00 6F 00 70 00 65 00 20 00 23 00 35 00 20 00 l.o.p.e. .#.5. . > [0960] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0970] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0980] 6C 00 6F 00 70 00 65 00 20 00 23 00 34 00 00 00 l.o.p.e. .#.4... > [0990] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [09A0] 6C 00 6F 00 70 00 65 00 20 00 23 00 34 00 20 00 l.o.p.e. .#.4. . > [09B0] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [09C0] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [09D0] 6C 00 6F 00 70 00 65 00 20 00 23 00 33 00 00 00 l.o.p.e. .#.3... > [09E0] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [09F0] 6C 00 6F 00 70 00 65 00 20 00 23 00 33 00 20 00 l.o.p.e. .#.3. . > [0A00] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0A10] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0A20] 6C 00 6F 00 70 00 65 00 20 00 23 00 32 00 00 00 l.o.p.e. .#.2... > [0A30] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0A40] 6C 00 6F 00 70 00 65 00 20 00 23 00 32 00 20 00 l.o.p.e. .#.2. . > [0A50] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0A60] 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 65 00 P.R.C. . E.n.v.e. > [0A70] 6C 00 6F 00 70 00 65 00 20 00 23 00 31 00 30 00 l.o.p.e. .#.1.0. > [0A80] 00 00 50 00 52 00 43 00 20 00 45 00 6E 00 76 00 ..P.R.C. .E.n.v. > [0A90] 65 00 6C 00 6F 00 70 00 65 00 20 00 23 00 31 00 e.l.o.p. e. .#.1. > [0AA0] 30 00 20 00 52 00 6F 00 74 00 61 00 74 00 65 00 0. .R.o. t.a.t.e. > [0AB0] 64 00 00 00 50 00 52 00 43 00 20 00 45 00 6E 00 d...P.R. C. .E.n. > [0AC0] 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 23 00 v.e.l.o. p.e. .#. > [0AD0] 31 00 00 00 50 00 52 00 43 00 20 00 45 00 6E 00 1...P.R. C. .E.n. > [0AE0] 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 23 00 v.e.l.o. p.e. .#. > [0AF0] 31 00 20 00 52 00 6F 00 74 00 61 00 74 00 65 00 1. .R.o. t.a.t.e. > [0B00] 64 00 00 00 50 00 52 00 43 00 20 00 33 00 32 00 d...P.R. C. .3.2. > [0B10] 4B 00 28 00 42 00 69 00 67 00 29 00 00 00 50 00 K.(.B.i. g.)...P. > [0B20] 52 00 43 00 20 00 33 00 32 00 4B 00 28 00 42 00 R.C. .3. 2.K.(.B. > [0B30] 69 00 67 00 29 00 20 00 52 00 6F 00 74 00 61 00 i.g.). . R.o.t.a. > [0B40] 74 00 65 00 64 00 00 00 50 00 52 00 43 00 20 00 t.e.d... P.R.C. . > [0B50] 33 00 32 00 4B 00 00 00 50 00 52 00 43 00 20 00 3.2.K... P.R.C. . > [0B60] 33 00 32 00 4B 00 20 00 52 00 6F 00 74 00 61 00 3.2.K. . R.o.t.a. > [0B70] 74 00 65 00 64 00 00 00 50 00 52 00 43 00 20 00 t.e.d... P.R.C. . > [0B80] 31 00 36 00 4B 00 00 00 50 00 52 00 43 00 20 00 1.6.K... P.R.C. . > [0B90] 31 00 36 00 4B 00 20 00 52 00 6F 00 74 00 61 00 1.6.K. . R.o.t.a. > [0BA0] 74 00 65 00 64 00 00 00 4E 00 6F 00 74 00 65 00 t.e.d... N.o.t.e. > [0BB0] 00 00 4C 00 65 00 74 00 74 00 65 00 72 00 00 00 ..L.e.t. t.e.r... > [0BC0] 4C 00 65 00 74 00 74 00 65 00 72 00 20 00 54 00 L.e.t.t. e.r. .T. > [0BD0] 72 00 61 00 6E 00 73 00 76 00 65 00 72 00 73 00 r.a.n.s. v.e.r.s. > [0BE0] 65 00 00 00 4C 00 65 00 74 00 74 00 65 00 72 00 e...L.e. t.t.e.r. > [0BF0] 20 00 53 00 6D 00 61 00 6C 00 6C 00 00 00 4C 00 .S.m.a. l.l...L. > [0C00] 65 00 74 00 74 00 65 00 72 00 20 00 52 00 6F 00 e.t.t.e. r. .R.o. > [0C10] 74 00 61 00 74 00 65 00 64 00 00 00 4C 00 65 00 t.a.t.e. d...L.e. > [0C20] 74 00 74 00 65 00 72 00 20 00 50 00 6C 00 75 00 t.t.e.r. .P.l.u. > [0C30] 73 00 00 00 4C 00 65 00 74 00 74 00 65 00 72 00 s...L.e. t.t.e.r. > [0C40] 20 00 45 00 78 00 74 00 72 00 61 00 00 00 4C 00 .E.x.t. r.a...L. > [0C50] 65 00 74 00 74 00 65 00 72 00 20 00 45 00 78 00 e.t.t.e. r. .E.x. > [0C60] 74 00 72 00 61 00 20 00 54 00 72 00 61 00 6E 00 t.r.a. . T.r.a.n. > [0C70] 73 00 76 00 65 00 72 00 73 00 65 00 00 00 4C 00 s.v.e.r. s.e...L. > [0C80] 65 00 67 00 61 00 6C 00 00 00 4C 00 65 00 67 00 e.g.a.l. ..L.e.g. > [0C90] 61 00 6C 00 20 00 45 00 78 00 74 00 72 00 61 00 a.l. .E. x.t.r.a. > [0CA0] 00 00 4C 00 65 00 64 00 67 00 65 00 72 00 00 00 ..L.e.d. g.e.r... > [0CB0] 4A 00 61 00 70 00 61 00 6E 00 65 00 73 00 65 00 J.a.p.a. n.e.s.e. > [0CC0] 20 00 50 00 6F 00 73 00 74 00 63 00 61 00 72 00 .P.o.s. t.c.a.r. > [0CD0] 64 00 00 00 4A 00 61 00 70 00 61 00 6E 00 65 00 d...J.a. p.a.n.e. > [0CE0] 73 00 65 00 20 00 50 00 6F 00 73 00 74 00 63 00 s.e. .P. o.s.t.c. > [0CF0] 61 00 72 00 64 00 20 00 52 00 6F 00 74 00 61 00 a.r.d. . R.o.t.a. > [0D00] 74 00 65 00 64 00 00 00 4A 00 61 00 70 00 61 00 t.e.d... J.a.p.a. > [0D10] 6E 00 65 00 73 00 65 00 20 00 45 00 6E 00 76 00 n.e.s.e. .E.n.v. > [0D20] 65 00 6C 00 6F 00 70 00 65 00 20 00 4B 00 61 00 e.l.o.p. e. .K.a. > [0D30] 6B 00 75 00 20 00 23 00 33 00 00 00 4A 00 61 00 k.u. .#. 3...J.a. > [0D40] 70 00 61 00 6E 00 65 00 73 00 65 00 20 00 45 00 p.a.n.e. s.e. .E. > [0D50] 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 n.v.e.l. o.p.e. . > [0D60] 4B 00 61 00 6B 00 75 00 20 00 23 00 32 00 00 00 K.a.k.u. .#.2... > [0D70] 4A 00 61 00 70 00 61 00 6E 00 65 00 73 00 65 00 J.a.p.a. n.e.s.e. > [0D80] 20 00 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 .E.n.v. e.l.o.p. > [0D90] 65 00 20 00 43 00 68 00 6F 00 75 00 20 00 23 00 e. .C.h. o.u. .#. > [0DA0] 34 00 00 00 4A 00 61 00 70 00 61 00 6E 00 65 00 4...J.a. p.a.n.e. > [0DB0] 73 00 65 00 20 00 45 00 6E 00 76 00 65 00 6C 00 s.e. .E. n.v.e.l. > [0DC0] 6F 00 70 00 65 00 20 00 43 00 68 00 6F 00 75 00 o.p.e. . C.h.o.u. > [0DD0] 20 00 23 00 33 00 00 00 4A 00 61 00 70 00 61 00 .#.3... J.a.p.a. > [0DE0] 6E 00 65 00 73 00 65 00 20 00 44 00 6F 00 75 00 n.e.s.e. .D.o.u. > [0DF0] 62 00 6C 00 65 00 20 00 50 00 6F 00 73 00 74 00 b.l.e. . P.o.s.t. > [0E00] 63 00 61 00 72 00 64 00 00 00 4A 00 61 00 70 00 c.a.r.d. ..J.a.p. > [0E10] 61 00 6E 00 20 00 45 00 6E 00 76 00 65 00 6C 00 a.n. .E. n.v.e.l. > [0E20] 6F 00 70 00 65 00 20 00 59 00 6F 00 75 00 20 00 o.p.e. . Y.o.u. . > [0E30] 23 00 34 00 00 00 4A 00 61 00 70 00 61 00 6E 00 #.4...J. a.p.a.n. > [0E40] 20 00 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 .E.n.v. e.l.o.p. > [0E50] 65 00 20 00 59 00 6F 00 75 00 20 00 23 00 34 00 e. .Y.o. u. .#.4. > [0E60] 20 00 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 .R.o.t. a.t.e.d. > [0E70] 00 00 4A 00 61 00 70 00 61 00 6E 00 20 00 45 00 ..J.a.p. a.n. .E. > [0E80] 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 n.v.e.l. o.p.e. . > [0E90] 4B 00 61 00 6B 00 75 00 20 00 23 00 33 00 20 00 K.a.k.u. .#.3. . > [0EA0] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0EB0] 4A 00 61 00 70 00 61 00 6E 00 20 00 45 00 6E 00 J.a.p.a. n. .E.n. > [0EC0] 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 4B 00 v.e.l.o. p.e. .K. > [0ED0] 61 00 6B 00 75 00 20 00 23 00 32 00 20 00 52 00 a.k.u. . #.2. .R. > [0EE0] 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 4A 00 o.t.a.t. e.d...J. > [0EF0] 61 00 70 00 61 00 6E 00 20 00 45 00 6E 00 76 00 a.p.a.n. .E.n.v. > [0F00] 65 00 6C 00 6F 00 70 00 65 00 20 00 43 00 68 00 e.l.o.p. e. .C.h. > [0F10] 6F 00 75 00 20 00 23 00 34 00 20 00 52 00 6F 00 o.u. .#. 4. .R.o. > [0F20] 74 00 61 00 74 00 65 00 64 00 00 00 4A 00 61 00 t.a.t.e. d...J.a. > [0F30] 70 00 61 00 6E 00 20 00 45 00 6E 00 76 00 65 00 p.a.n. . E.n.v.e. > [0F40] 6C 00 6F 00 70 00 65 00 20 00 43 00 68 00 6F 00 l.o.p.e. .C.h.o. > [0F50] 75 00 20 00 23 00 33 00 20 00 52 00 6F 00 74 00 u. .#.3. .R.o.t. > [0F60] 61 00 74 00 65 00 64 00 00 00 47 00 65 00 72 00 a.t.e.d. ..G.e.r. > [0F70] 6D 00 61 00 6E 00 20 00 53 00 74 00 64 00 20 00 m.a.n. . S.t.d. . > [0F80] 46 00 61 00 6E 00 66 00 6F 00 6C 00 64 00 00 00 F.a.n.f. o.l.d... > [0F90] 47 00 65 00 72 00 6D 00 61 00 6E 00 20 00 4C 00 G.e.r.m. a.n. .L. > [0FA0] 65 00 67 00 61 00 6C 00 20 00 46 00 61 00 6E 00 e.g.a.l. .F.a.n. > [0FB0] 66 00 6F 00 6C 00 64 00 00 00 46 00 6F 00 6C 00 f.o.l.d. ..F.o.l. > [0FC0] 69 00 6F 00 00 00 45 00 78 00 65 00 63 00 75 00 i.o...E. x.e.c.u. > [0FD0] 74 00 69 00 76 00 65 00 00 00 45 00 6E 00 76 00 t.i.v.e. ..E.n.v. > [0FE0] 65 00 6C 00 6F 00 70 00 65 00 00 00 45 00 6E 00 e.l.o.p. e...E.n. > [0FF0] 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 4D 00 v.e.l.o. p.e. .M. > [1000] 6F 00 6E 00 61 00 72 00 63 00 68 00 00 00 45 00 o.n.a.r. c.h...E. > [1010] 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 n.v.e.l. o.p.e. . > [1020] 49 00 6E 00 76 00 69 00 74 00 65 00 00 00 45 00 I.n.v.i. t.e...E. > [1030] 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 n.v.e.l. o.p.e. . > [1040] 44 00 4C 00 00 00 45 00 6E 00 76 00 65 00 6C 00 D.L...E. n.v.e.l. > [1050] 6F 00 70 00 65 00 20 00 43 00 36 00 35 00 00 00 o.p.e. . C.6.5... > [1060] 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 E.n.v.e. l.o.p.e. > [1070] 20 00 43 00 36 00 00 00 45 00 6E 00 76 00 65 00 .C.6... E.n.v.e. > [1080] 6C 00 6F 00 70 00 65 00 20 00 43 00 35 00 00 00 l.o.p.e. .C.5... > [1090] 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 E.n.v.e. l.o.p.e. >[2012/08/30 15:27:54.598400, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 4280 bytes. There is no more data outstanding >[2012/08/30 15:27:54.598552, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=4280 >[2012/08/30 15:27:54.600976, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:54.601147, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:54.601266, 3] smbd/process.c:1662(process_smb) > Transaction 69 of length 63 (0 toread) >[2012/08/30 15:27:54.601383, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.601444, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=9472 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17760 (0x4560) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4280 (0x10B8) > smb_vwv[ 6]= 4280 (0x10B8) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 4280 (0x10B8) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:54.608652, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:54.608818, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.609008, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.609200, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/08/30 15:27:54.609491, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 8512, p->out_data.rdata.length = 9580. >[2012/08/30 15:27:54.609692, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x02 (2) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0444 (1092) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000042c (1068) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1068 > [0000] 20 00 43 00 34 00 00 00 45 00 6E 00 76 00 65 00 .C.4... E.n.v.e. > [0010] 6C 00 6F 00 70 00 65 00 20 00 43 00 33 00 00 00 l.o.p.e. .C.3... > [0020] 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 E.n.v.e. l.o.p.e. > [0030] 20 00 42 00 36 00 00 00 45 00 6E 00 76 00 65 00 .B.6... E.n.v.e. > [0040] 6C 00 6F 00 70 00 65 00 20 00 42 00 35 00 00 00 l.o.p.e. .B.5... > [0050] 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 E.n.v.e. l.o.p.e. > [0060] 20 00 42 00 34 00 00 00 45 00 6E 00 76 00 65 00 .B.4... E.n.v.e. > [0070] 6C 00 6F 00 70 00 65 00 20 00 23 00 39 00 00 00 l.o.p.e. .#.9... > [0080] 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 E.n.v.e. l.o.p.e. > [0090] 20 00 23 00 31 00 34 00 00 00 45 00 6E 00 76 00 .#.1.4. ..E.n.v. > [00A0] 65 00 6C 00 6F 00 70 00 65 00 20 00 23 00 31 00 e.l.o.p. e. .#.1. > [00B0] 32 00 00 00 45 00 6E 00 76 00 65 00 6C 00 6F 00 2...E.n. v.e.l.o. > [00C0] 70 00 65 00 20 00 23 00 31 00 31 00 00 00 45 00 p.e. .#. 1.1...E. > [00D0] 6E 00 76 00 65 00 6C 00 6F 00 70 00 65 00 20 00 n.v.e.l. o.p.e. . > [00E0] 23 00 31 00 30 00 00 00 45 00 20 00 73 00 69 00 #.1.0... E. .s.i. > [00F0] 7A 00 65 00 20 00 73 00 68 00 65 00 65 00 74 00 z.e. .s. h.e.e.t. > [0100] 00 00 44 00 6F 00 75 00 62 00 6C 00 65 00 20 00 ..D.o.u. b.l.e. . > [0110] 4A 00 61 00 70 00 61 00 6E 00 20 00 50 00 6F 00 J.a.p.a. n. .P.o. > [0120] 73 00 74 00 63 00 61 00 72 00 64 00 20 00 52 00 s.t.c.a. r.d. .R. > [0130] 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 44 00 o.t.a.t. e.d...D. > [0140] 20 00 73 00 69 00 7A 00 65 00 20 00 73 00 68 00 .s.i.z. e. .s.h. > [0150] 65 00 65 00 74 00 00 00 43 00 20 00 73 00 69 00 e.e.t... C. .s.i. > [0160] 7A 00 65 00 20 00 73 00 68 00 65 00 65 00 74 00 z.e. .s. h.e.e.t. > [0170] 00 00 42 00 36 00 20 00 28 00 4A 00 49 00 53 00 ..B.6. . (.J.I.S. > [0180] 29 00 00 00 42 00 36 00 20 00 28 00 4A 00 49 00 )...B.6. .(.J.I. > [0190] 53 00 29 00 20 00 52 00 6F 00 74 00 61 00 74 00 S.). .R. o.t.a.t. > [01A0] 65 00 64 00 00 00 42 00 35 00 20 00 28 00 4A 00 e.d...B. 5. .(.J. > [01B0] 49 00 53 00 29 00 00 00 42 00 35 00 20 00 28 00 I.S.)... B.5. .(. > [01C0] 4A 00 49 00 53 00 29 00 20 00 54 00 72 00 61 00 J.I.S.). .T.r.a. > [01D0] 6E 00 73 00 76 00 65 00 72 00 73 00 65 00 00 00 n.s.v.e. r.s.e... > [01E0] 42 00 35 00 20 00 28 00 4A 00 49 00 53 00 29 00 B.5. .(. J.I.S.). > [01F0] 20 00 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 .R.o.t. a.t.e.d. > [0200] 00 00 42 00 35 00 20 00 28 00 49 00 53 00 4F 00 ..B.5. . (.I.S.O. > [0210] 29 00 20 00 45 00 78 00 74 00 72 00 61 00 00 00 ). .E.x. t.r.a... > [0220] 42 00 34 00 20 00 28 00 4A 00 49 00 53 00 29 00 B.4. .(. J.I.S.). > [0230] 00 00 42 00 34 00 20 00 28 00 4A 00 49 00 53 00 ..B.4. . (.J.I.S. > [0240] 29 00 20 00 52 00 6F 00 74 00 61 00 74 00 65 00 ). .R.o. t.a.t.e. > [0250] 64 00 00 00 42 00 34 00 20 00 28 00 49 00 53 00 d...B.4. .(.I.S. > [0260] 4F 00 29 00 00 00 41 00 36 00 00 00 41 00 36 00 O.)...A. 6...A.6. > [0270] 20 00 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 .R.o.t. a.t.e.d. > [0280] 00 00 41 00 35 00 00 00 41 00 35 00 20 00 54 00 ..A.5... A.5. .T. > [0290] 72 00 61 00 6E 00 73 00 76 00 65 00 72 00 73 00 r.a.n.s. v.e.r.s. > [02A0] 65 00 00 00 41 00 35 00 20 00 52 00 6F 00 74 00 e...A.5. .R.o.t. > [02B0] 61 00 74 00 65 00 64 00 00 00 41 00 35 00 20 00 a.t.e.d. ..A.5. . > [02C0] 45 00 78 00 74 00 72 00 61 00 00 00 41 00 34 00 E.x.t.r. a...A.4. > [02D0] 00 00 41 00 34 00 20 00 54 00 72 00 61 00 6E 00 ..A.4. . T.r.a.n. > [02E0] 73 00 76 00 65 00 72 00 73 00 65 00 00 00 41 00 s.v.e.r. s.e...A. > [02F0] 34 00 20 00 53 00 6D 00 61 00 6C 00 6C 00 00 00 4. .S.m. a.l.l... > [0300] 41 00 34 00 20 00 52 00 6F 00 74 00 61 00 74 00 A.4. .R. o.t.a.t. > [0310] 65 00 64 00 00 00 41 00 34 00 20 00 50 00 6C 00 e.d...A. 4. .P.l. > [0320] 75 00 73 00 00 00 41 00 34 00 20 00 45 00 78 00 u.s...A. 4. .E.x. > [0330] 74 00 72 00 61 00 00 00 41 00 33 00 00 00 41 00 t.r.a... A.3...A. > [0340] 33 00 20 00 54 00 72 00 61 00 6E 00 73 00 76 00 3. .T.r. a.n.s.v. > [0350] 65 00 72 00 73 00 65 00 00 00 41 00 33 00 20 00 e.r.s.e. ..A.3. . > [0360] 52 00 6F 00 74 00 61 00 74 00 65 00 64 00 00 00 R.o.t.a. t.e.d... > [0370] 41 00 33 00 20 00 45 00 78 00 74 00 72 00 61 00 A.3. .E. x.t.r.a. > [0380] 00 00 41 00 33 00 20 00 45 00 78 00 74 00 72 00 ..A.3. . E.x.t.r. > [0390] 61 00 20 00 54 00 72 00 61 00 6E 00 73 00 76 00 a. .T.r. a.n.s.v. > [03A0] 65 00 72 00 73 00 65 00 00 00 41 00 32 00 00 00 e.r.s.e. ..A.2... > [03B0] 41 00 31 00 00 00 41 00 30 00 00 00 39 00 78 00 A.1...A. 0...9.x. > [03C0] 31 00 31 00 00 00 36 00 20 00 33 00 2F 00 34 00 1.1...6. .3./.4. > [03D0] 20 00 45 00 6E 00 76 00 65 00 6C 00 6F 00 70 00 .E.n.v. e.l.o.p. > [03E0] 65 00 00 00 31 00 35 00 78 00 31 00 31 00 00 00 e...1.5. x.1.1... > [03F0] 31 00 32 00 78 00 31 00 31 00 00 00 31 00 31 00 1.2.x.1. 1...1.1. > [0400] 78 00 31 00 37 00 00 00 31 00 30 00 78 00 31 00 x.1.7... 1.0.x.1. > [0410] 34 00 00 00 31 00 30 00 78 00 31 00 31 00 00 00 4...1.0. x.1.1... > [0420] E0 1D 00 00 78 00 00 00 00 00 00 00 ....x... .... >[2012/08/30 15:27:54.616474, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 31828 >[2012/08/30 15:27:54.616647, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:54.616784, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1092 bytes. There is no more data outstanding >[2012/08/30 15:27:54.616903, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=4280 max=4280 nread=1092 >[2012/08/30 15:27:54.624605, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 172 >[2012/08/30 15:27:54.624790, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xac >[2012/08/30 15:27:54.624911, 3] smbd/process.c:1662(process_smb) > Transaction 70 of length 176 (0 toread) >[2012/08/30 15:27:54.625029, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.625091, 5] lib/util.c:342(show_msg) > size=172 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9536 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 88 (0x58) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 88 (0x58) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17760 (0x4560) > smb_bcc=105 >[2012/08/30 15:27:54.626757, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 58 00 00 00 06 00 00 ........ .X...... > [0020] 00 40 00 00 00 00 00 1A 00 00 00 00 00 40 00 00 .@...... .....@.. > [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 0D 00 00 .....?P. ........ > [0040] 00 00 00 00 00 0D 00 00 00 44 00 72 00 69 00 76 ........ .D.r.i.v > [0050] 00 65 00 72 00 50 00 6F 00 6C 00 69 00 63 00 79 .e.r.P.o .l.i.c.y > [0060] 00 00 00 00 00 00 04 00 00 ........ . >[2012/08/30 15:27:54.627298, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.627585, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.627716, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=88 params=0 setup=2 >[2012/08/30 15:27:54.627837, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:54.627972, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:54.628091, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:54.628209, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4560) >[2012/08/30 15:27:54.628328, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 4280 >[2012/08/30 15:27:54.628448, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 88 >[2012/08/30 15:27:54.628568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2012/08/30 15:27:54.628685, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 88 >[2012/08/30 15:27:54.628857, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 88, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.628986, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.629104, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2012/08/30 15:27:54.629225, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 72 >[2012/08/30 15:27:54.629349, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.629467, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 72 >[2012/08/30 15:27:54.630729, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 72, incoming data = 72 >[2012/08/30 15:27:54.630936, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.631063, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0058 (88) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000040 (64) > context_id : 0x0000 (0) > opnum : 0x001a (26) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=64 > [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 0D 00 00 00 00 00 00 00 0D 00 00 00 ........ ........ > [0020] 44 00 72 00 69 00 76 00 65 00 72 00 50 00 6F 00 D.r.i.v. e.r.P.o. > [0030] 6C 00 69 00 63 00 79 00 00 00 00 00 00 04 00 00 l.i.c.y. ........ >[2012/08/30 15:27:54.636413, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.636552, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.636673, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:54.636797, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA >[2012/08/30 15:27:54.638146, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7fd50aed07e0 >[2012/08/30 15:27:54.638288, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterData: struct spoolss_GetPrinterData > in: struct spoolss_GetPrinterData > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000040-0000-0000-3f50-babeee0b0000 > value_name : 'DriverPolicy' > offered : 0x00000400 (1024) >[2012/08/30 15:27:54.638821, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.639019, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx >[2012/08/30 15:27:54.639149, 10] rpc_server/spoolss/srv_spoolss_nt.c:9194(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx: key => [PrinterDriverData], value => [DriverPolicy] >[2012/08/30 15:27:54.639421, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.640785, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:54.640943, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:54.641068, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:54.641188, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:54.641315, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:54.641448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.644148, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.644276, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:54.644399, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.644518, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.644637, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.644754, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.644924, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.645061, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.645184, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.645382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000047-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.645885, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000047-0000-0000-3f50-babeee0b0000 > keyname: struct winreg_String > name_len : 0x00ac (172) > name_size : 0x00ac (172) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.647592, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.647802, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:54.647923, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:54.648045, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.648163, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.648282, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.648403, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.648554, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:54.648690, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:54.648810, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.648933, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.649050, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.649260, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.649414, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.649556, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.649693, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:54.649814, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:54.649936, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.650057, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.650177, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.650322, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.653098, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.653257, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:54.653380, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:54.653513, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.653631, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.653752, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.653869, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.654015, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.654136, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:54.654278, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.654398, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.654518, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.654635, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.654778, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:54.654898, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:54.655020, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.655138, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.655262, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.655378, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.655523, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.655667, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:54.655828, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:54.655954, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.656072, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.656194, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.656310, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.656449, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.656585, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [PrinterDriverData] >[2012/08/30 15:27:54.656720, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:54.656843, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] >[2012/08/30 15:27:54.656968, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] >[2012/08/30 15:27:54.657089, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.657205, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] >[2012/08/30 15:27:54.657338, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] >[2012/08/30 15:27:54.657470, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] >[2012/08/30 15:27:54.657611, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.657735, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:54.657873, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:54.657992, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:54.658111, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:54.658229, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:54.658348, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:54.658483, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.658604, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.658801, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000048-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.659321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000048-0000-0000-3f50-babeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x001a (26) > name_size : 0x001a (26) > name : * > name : 'DriverPolicy' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:54.660584, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.660790, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] >[2012/08/30 15:27:54.660935, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:54.661074, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData' (ops 0x7fd50b775f80) >[2012/08/30 15:27:54.661202, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515\PrinterDriverData] >[2012/08/30 15:27:54.661381, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[TrayFormSize] len[4] >[2012/08/30 15:27:54.661507, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[TrayFormTable] len[432] >[2012/08/30 15:27:54.661628, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[TrayFormMapSize] len[4] >[2012/08/30 15:27:54.661749, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[TrayFormKeywordSize] len[4] >[2012/08/30 15:27:54.661870, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[TrayFormKeyword] len[87] >[2012/08/30 15:27:54.661992, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[TrayFormMap] len[118] >[2012/08/30 15:27:54.662113, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[FreeMem] len[4] >[2012/08/30 15:27:54.662235, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[JobTimeOut] len[4] >[2012/08/30 15:27:54.662394, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Protocol] len[4] >[2012/08/30 15:27:54.662517, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[PrinterDataSize] len[4] >[2012/08/30 15:27:54.662638, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[PrinterData] len[560] >[2012/08/30 15:27:54.662758, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[FeatureKeywordSize] len[4] >[2012/08/30 15:27:54.662883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[FeatureKeyword] len[2] >[2012/08/30 15:27:54.663005, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:54.663123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:54.664035, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000048-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.664477, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.664685, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 48 00 00 00 00 00 00 00 3F 50 BA BE ....H... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.664878, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.664998, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:54.665116, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.665594, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000047-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.666036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.666234, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 47 00 00 00 00 00 00 00 3F 50 BA BE ....G... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.666426, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.666543, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:54.666661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.667137, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterData: struct spoolss_GetPrinterData > out: struct spoolss_GetPrinterData > type : * > type : REG_NONE (0) > data : * > data: ARRAY(1024) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > [4] : 0x00 (0) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x00 (0) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x00 (0) > [28] : 0x00 (0) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x00 (0) > [33] : 0x00 (0) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x00 (0) > [44] : 0x00 (0) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x00 (0) > [53] : 0x00 (0) > [54] : 0x00 (0) > [55] : 0x00 (0) > [56] : 0x00 (0) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x00 (0) > [62] : 0x00 (0) > [63] : 0x00 (0) > [64] : 0x00 (0) > [65] : 0x00 (0) > [66] : 0x00 (0) > [67] : 0x00 (0) > [68] : 0x00 (0) > [69] : 0x00 (0) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x00 (0) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x00 (0) > [82] : 0x00 (0) > [83] : 0x00 (0) > [84] : 0x00 (0) > [85] : 0x00 (0) > [86] : 0x00 (0) > [87] : 0x00 (0) > [88] : 0x00 (0) > [89] : 0x00 (0) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x00 (0) > [96] : 0x00 (0) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x00 (0) > [101] : 0x00 (0) > [102] : 0x00 (0) > [103] : 0x00 (0) > [104] : 0x00 (0) > [105] : 0x00 (0) > [106] : 0x00 (0) > [107] : 0x00 (0) > [108] : 0x00 (0) > [109] : 0x00 (0) > [110] : 0x00 (0) > [111] : 0x00 (0) > [112] : 0x00 (0) > [113] : 0x00 (0) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x00 (0) > [119] : 0x00 (0) > [120] : 0x00 (0) > [121] : 0x00 (0) > [122] : 0x00 (0) > [123] : 0x00 (0) > [124] : 0x00 (0) > [125] : 0x00 (0) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x00 (0) > [132] : 0x00 (0) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x00 (0) > [139] : 0x00 (0) > [140] : 0x00 (0) > [141] : 0x00 (0) > [142] : 0x00 (0) > [143] : 0x00 (0) > [144] : 0x00 (0) > [145] : 0x00 (0) > [146] : 0x00 (0) > [147] : 0x00 (0) > [148] : 0x00 (0) > [149] : 0x00 (0) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x00 (0) > [154] : 0x00 (0) > [155] : 0x00 (0) > [156] : 0x00 (0) > [157] : 0x00 (0) > [158] : 0x00 (0) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x00 (0) > [168] : 0x00 (0) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x00 (0) > [173] : 0x00 (0) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x00 (0) > [178] : 0x00 (0) > [179] : 0x00 (0) > [180] : 0x00 (0) > [181] : 0x00 (0) > [182] : 0x00 (0) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x00 (0) > [192] : 0x00 (0) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x00 (0) > [197] : 0x00 (0) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x00 (0) > [202] : 0x00 (0) > [203] : 0x00 (0) > [204] : 0x00 (0) > [205] : 0x00 (0) > [206] : 0x00 (0) > [207] : 0x00 (0) > [208] : 0x00 (0) > [209] : 0x00 (0) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x00 (0) > [216] : 0x00 (0) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x00 (0) > [221] : 0x00 (0) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x00 (0) > [226] : 0x00 (0) > [227] : 0x00 (0) > [228] : 0x00 (0) > [229] : 0x00 (0) > [230] : 0x00 (0) > [231] : 0x00 (0) > [232] : 0x00 (0) > [233] : 0x00 (0) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x00 (0) > [240] : 0x00 (0) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x00 (0) > [245] : 0x00 (0) > [246] : 0x00 (0) > [247] : 0x00 (0) > [248] : 0x00 (0) > [249] : 0x00 (0) > [250] : 0x00 (0) > [251] : 0x00 (0) > [252] : 0x00 (0) > [253] : 0x00 (0) > [254] : 0x00 (0) > [255] : 0x00 (0) > [256] : 0x00 (0) > [257] : 0x00 (0) > [258] : 0x00 (0) > [259] : 0x00 (0) > [260] : 0x00 (0) > [261] : 0x00 (0) > [262] : 0x00 (0) > [263] : 0x00 (0) > [264] : 0x00 (0) > [265] : 0x00 (0) > [266] : 0x00 (0) > [267] : 0x00 (0) > [268] : 0x00 (0) > [269] : 0x00 (0) > [270] : 0x00 (0) > [271] : 0x00 (0) > [272] : 0x00 (0) > [273] : 0x00 (0) > [274] : 0x00 (0) > [275] : 0x00 (0) > [276] : 0x00 (0) > [277] : 0x00 (0) > [278] : 0x00 (0) > [279] : 0x00 (0) > [280] : 0x00 (0) > [281] : 0x00 (0) > [282] : 0x00 (0) > [283] : 0x00 (0) > [284] : 0x00 (0) > [285] : 0x00 (0) > [286] : 0x00 (0) > [287] : 0x00 (0) > [288] : 0x00 (0) > [289] : 0x00 (0) > [290] : 0x00 (0) > [291] : 0x00 (0) > [292] : 0x00 (0) > [293] : 0x00 (0) > [294] : 0x00 (0) > [295] : 0x00 (0) > [296] : 0x00 (0) > [297] : 0x00 (0) > [298] : 0x00 (0) > [299] : 0x00 (0) > [300] : 0x00 (0) > [301] : 0x00 (0) > [302] : 0x00 (0) > [303] : 0x00 (0) > [304] : 0x00 (0) > [305] : 0x00 (0) > [306] : 0x00 (0) > [307] : 0x00 (0) > [308] : 0x00 (0) > [309] : 0x00 (0) > [310] : 0x00 (0) > [311] : 0x00 (0) > [312] : 0x00 (0) > [313] : 0x00 (0) > [314] : 0x00 (0) > [315] : 0x00 (0) > [316] : 0x00 (0) > [317] : 0x00 (0) > [318] : 0x00 (0) > [319] : 0x00 (0) > [320] : 0x00 (0) > [321] : 0x00 (0) > [322] : 0x00 (0) > [323] : 0x00 (0) > [324] : 0x00 (0) > [325] : 0x00 (0) > [326] : 0x00 (0) > [327] : 0x00 (0) > [328] : 0x00 (0) > [329] : 0x00 (0) > [330] : 0x00 (0) > [331] : 0x00 (0) > [332] : 0x00 (0) > [333] : 0x00 (0) > [334] : 0x00 (0) > [335] : 0x00 (0) > [336] : 0x00 (0) > [337] : 0x00 (0) > [338] : 0x00 (0) > [339] : 0x00 (0) > [340] : 0x00 (0) > [341] : 0x00 (0) > [342] : 0x00 (0) > [343] : 0x00 (0) > [344] : 0x00 (0) > [345] : 0x00 (0) > [346] : 0x00 (0) > [347] : 0x00 (0) > [348] : 0x00 (0) > [349] : 0x00 (0) > [350] : 0x00 (0) > [351] : 0x00 (0) > [352] : 0x00 (0) > [353] : 0x00 (0) > [354] : 0x00 (0) > [355] : 0x00 (0) > [356] : 0x00 (0) > [357] : 0x00 (0) > [358] : 0x00 (0) > [359] : 0x00 (0) > [360] : 0x00 (0) > [361] : 0x00 (0) > [362] : 0x00 (0) > [363] : 0x00 (0) > [364] : 0x00 (0) > [365] : 0x00 (0) > [366] : 0x00 (0) > [367] : 0x00 (0) > [368] : 0x00 (0) > [369] : 0x00 (0) > [370] : 0x00 (0) > [371] : 0x00 (0) > [372] : 0x00 (0) > [373] : 0x00 (0) > [374] : 0x00 (0) > [375] : 0x00 (0) > [376] : 0x00 (0) > [377] : 0x00 (0) > [378] : 0x00 (0) > [379] : 0x00 (0) > [380] : 0x00 (0) > [381] : 0x00 (0) > [382] : 0x00 (0) > [383] : 0x00 (0) > [384] : 0x00 (0) > [385] : 0x00 (0) > [386] : 0x00 (0) > [387] : 0x00 (0) > [388] : 0x00 (0) > [389] : 0x00 (0) > [390] : 0x00 (0) > [391] : 0x00 (0) > [392] : 0x00 (0) > [393] : 0x00 (0) > [394] : 0x00 (0) > [395] : 0x00 (0) > [396] : 0x00 (0) > [397] : 0x00 (0) > [398] : 0x00 (0) > [399] : 0x00 (0) > [400] : 0x00 (0) > [401] : 0x00 (0) > [402] : 0x00 (0) > [403] : 0x00 (0) > [404] : 0x00 (0) > [405] : 0x00 (0) > [406] : 0x00 (0) > [407] : 0x00 (0) > [408] : 0x00 (0) > [409] : 0x00 (0) > [410] : 0x00 (0) > [411] : 0x00 (0) > [412] : 0x00 (0) > [413] : 0x00 (0) > [414] : 0x00 (0) > [415] : 0x00 (0) > [416] : 0x00 (0) > [417] : 0x00 (0) > [418] : 0x00 (0) > [419] : 0x00 (0) > [420] : 0x00 (0) > [421] : 0x00 (0) > [422] : 0x00 (0) > [423] : 0x00 (0) > [424] : 0x00 (0) > [425] : 0x00 (0) > [426] : 0x00 (0) > [427] : 0x00 (0) > [428] : 0x00 (0) > [429] : 0x00 (0) > [430] : 0x00 (0) > [431] : 0x00 (0) > [432] : 0x00 (0) > [433] : 0x00 (0) > [434] : 0x00 (0) > [435] : 0x00 (0) > [436] : 0x00 (0) > [437] : 0x00 (0) > [438] : 0x00 (0) > [439] : 0x00 (0) > [440] : 0x00 (0) > [441] : 0x00 (0) > [442] : 0x00 (0) > [443] : 0x00 (0) > [444] : 0x00 (0) > [445] : 0x00 (0) > [446] : 0x00 (0) > [447] : 0x00 (0) > [448] : 0x00 (0) > [449] : 0x00 (0) > [450] : 0x00 (0) > [451] : 0x00 (0) > [452] : 0x00 (0) > [453] : 0x00 (0) > [454] : 0x00 (0) > [455] : 0x00 (0) > [456] : 0x00 (0) > [457] : 0x00 (0) > [458] : 0x00 (0) > [459] : 0x00 (0) > [460] : 0x00 (0) > [461] : 0x00 (0) > [462] : 0x00 (0) > [463] : 0x00 (0) > [464] : 0x00 (0) > [465] : 0x00 (0) > [466] : 0x00 (0) > [467] : 0x00 (0) > [468] : 0x00 (0) > [469] : 0x00 (0) > [470] : 0x00 (0) > [471] : 0x00 (0) > [472] : 0x00 (0) > [473] : 0x00 (0) > [474] : 0x00 (0) > [475] : 0x00 (0) > [476] : 0x00 (0) > [477] : 0x00 (0) > [478] : 0x00 (0) > [479] : 0x00 (0) > [480] : 0x00 (0) > [481] : 0x00 (0) > [482] : 0x00 (0) > [483] : 0x00 (0) > [484] : 0x00 (0) > [485] : 0x00 (0) > [486] : 0x00 (0) > [487] : 0x00 (0) > [488] : 0x00 (0) > [489] : 0x00 (0) > [490] : 0x00 (0) > [491] : 0x00 (0) > [492] : 0x00 (0) > [493] : 0x00 (0) > [494] : 0x00 (0) > [495] : 0x00 (0) > [496] : 0x00 (0) > [497] : 0x00 (0) > [498] : 0x00 (0) > [499] : 0x00 (0) > [500] : 0x00 (0) > [501] : 0x00 (0) > [502] : 0x00 (0) > [503] : 0x00 (0) > [504] : 0x00 (0) > [505] : 0x00 (0) > [506] : 0x00 (0) > [507] : 0x00 (0) > [508] : 0x00 (0) > [509] : 0x00 (0) > [510] : 0x00 (0) > [511] : 0x00 (0) > [512] : 0x00 (0) > [513] : 0x00 (0) > [514] : 0x00 (0) > [515] : 0x00 (0) > [516] : 0x00 (0) > [517] : 0x00 (0) > [518] : 0x00 (0) > [519] : 0x00 (0) > [520] : 0x00 (0) > [521] : 0x00 (0) > [522] : 0x00 (0) > [523] : 0x00 (0) > [524] : 0x00 (0) > [525] : 0x00 (0) > [526] : 0x00 (0) > [527] : 0x00 (0) > [528] : 0x00 (0) > [529] : 0x00 (0) > [530] : 0x00 (0) > [531] : 0x00 (0) > [532] : 0x00 (0) > [533] : 0x00 (0) > [534] : 0x00 (0) > [535] : 0x00 (0) > [536] : 0x00 (0) > [537] : 0x00 (0) > [538] : 0x00 (0) > [539] : 0x00 (0) > [540] : 0x00 (0) > [541] : 0x00 (0) > [542] : 0x00 (0) > [543] : 0x00 (0) > [544] : 0x00 (0) > [545] : 0x00 (0) > [546] : 0x00 (0) > [547] : 0x00 (0) > [548] : 0x00 (0) > [549] : 0x00 (0) > [550] : 0x00 (0) > [551] : 0x00 (0) > [552] : 0x00 (0) > [553] : 0x00 (0) > [554] : 0x00 (0) > [555] : 0x00 (0) > [556] : 0x00 (0) > [557] : 0x00 (0) > [558] : 0x00 (0) > [559] : 0x00 (0) > [560] : 0x00 (0) > [561] : 0x00 (0) > [562] : 0x00 (0) > [563] : 0x00 (0) > [564] : 0x00 (0) > [565] : 0x00 (0) > [566] : 0x00 (0) > [567] : 0x00 (0) > [568] : 0x00 (0) > [569] : 0x00 (0) > [570] : 0x00 (0) > [571] : 0x00 (0) > [572] : 0x00 (0) > [573] : 0x00 (0) > [574] : 0x00 (0) > [575] : 0x00 (0) > [576] : 0x00 (0) > [577] : 0x00 (0) > [578] : 0x00 (0) > [579] : 0x00 (0) > [580] : 0x00 (0) > [581] : 0x00 (0) > [582] : 0x00 (0) > [583] : 0x00 (0) > [584] : 0x00 (0) > [585] : 0x00 (0) > [586] : 0x00 (0) > [587] : 0x00 (0) > [588] : 0x00 (0) > [589] : 0x00 (0) > [590] : 0x00 (0) > [591] : 0x00 (0) > [592] : 0x00 (0) > [593] : 0x00 (0) > [594] : 0x00 (0) > [595] : 0x00 (0) > [596] : 0x00 (0) > [597] : 0x00 (0) > [598] : 0x00 (0) > [599] : 0x00 (0) > [600] : 0x00 (0) > [601] : 0x00 (0) > [602] : 0x00 (0) > [603] : 0x00 (0) > [604] : 0x00 (0) > [605] : 0x00 (0) > [606] : 0x00 (0) > [607] : 0x00 (0) > [608] : 0x00 (0) > [609] : 0x00 (0) > [610] : 0x00 (0) > [611] : 0x00 (0) > [612] : 0x00 (0) > [613] : 0x00 (0) > [614] : 0x00 (0) > [615] : 0x00 (0) > [616] : 0x00 (0) > [617] : 0x00 (0) > [618] : 0x00 (0) > [619] : 0x00 (0) > [620] : 0x00 (0) > [621] : 0x00 (0) > [622] : 0x00 (0) > [623] : 0x00 (0) > [624] : 0x00 (0) > [625] : 0x00 (0) > [626] : 0x00 (0) > [627] : 0x00 (0) > [628] : 0x00 (0) > [629] : 0x00 (0) > [630] : 0x00 (0) > [631] : 0x00 (0) > [632] : 0x00 (0) > [633] : 0x00 (0) > [634] : 0x00 (0) > [635] : 0x00 (0) > [636] : 0x00 (0) > [637] : 0x00 (0) > [638] : 0x00 (0) > [639] : 0x00 (0) > [640] : 0x00 (0) > [641] : 0x00 (0) > [642] : 0x00 (0) > [643] : 0x00 (0) > [644] : 0x00 (0) > [645] : 0x00 (0) > [646] : 0x00 (0) > [647] : 0x00 (0) > [648] : 0x00 (0) > [649] : 0x00 (0) > [650] : 0x00 (0) > [651] : 0x00 (0) > [652] : 0x00 (0) > [653] : 0x00 (0) > [654] : 0x00 (0) > [655] : 0x00 (0) > [656] : 0x00 (0) > [657] : 0x00 (0) > [658] : 0x00 (0) > [659] : 0x00 (0) > [660] : 0x00 (0) > [661] : 0x00 (0) > [662] : 0x00 (0) > [663] : 0x00 (0) > [664] : 0x00 (0) > [665] : 0x00 (0) > [666] : 0x00 (0) > [667] : 0x00 (0) > [668] : 0x00 (0) > [669] : 0x00 (0) > [670] : 0x00 (0) > [671] : 0x00 (0) > [672] : 0x00 (0) > [673] : 0x00 (0) > [674] : 0x00 (0) > [675] : 0x00 (0) > [676] : 0x00 (0) > [677] : 0x00 (0) > [678] : 0x00 (0) > [679] : 0x00 (0) > [680] : 0x00 (0) > [681] : 0x00 (0) > [682] : 0x00 (0) > [683] : 0x00 (0) > [684] : 0x00 (0) > [685] : 0x00 (0) > [686] : 0x00 (0) > [687] : 0x00 (0) > [688] : 0x00 (0) > [689] : 0x00 (0) > [690] : 0x00 (0) > [691] : 0x00 (0) > [692] : 0x00 (0) > [693] : 0x00 (0) > [694] : 0x00 (0) > [695] : 0x00 (0) > [696] : 0x00 (0) > [697] : 0x00 (0) > [698] : 0x00 (0) > [699] : 0x00 (0) > [700] : 0x00 (0) > [701] : 0x00 (0) > [702] : 0x00 (0) > [703] : 0x00 (0) > [704] : 0x00 (0) > [705] : 0x00 (0) > [706] : 0x00 (0) > [707] : 0x00 (0) > [708] : 0x00 (0) > [709] : 0x00 (0) > [710] : 0x00 (0) > [711] : 0x00 (0) > [712] : 0x00 (0) > [713] : 0x00 (0) > [714] : 0x00 (0) > [715] : 0x00 (0) > [716] : 0x00 (0) > [717] : 0x00 (0) > [718] : 0x00 (0) > [719] : 0x00 (0) > [720] : 0x00 (0) > [721] : 0x00 (0) > [722] : 0x00 (0) > [723] : 0x00 (0) > [724] : 0x00 (0) > [725] : 0x00 (0) > [726] : 0x00 (0) > [727] : 0x00 (0) > [728] : 0x00 (0) > [729] : 0x00 (0) > [730] : 0x00 (0) > [731] : 0x00 (0) > [732] : 0x00 (0) > [733] : 0x00 (0) > [734] : 0x00 (0) > [735] : 0x00 (0) > [736] : 0x00 (0) > [737] : 0x00 (0) > [738] : 0x00 (0) > [739] : 0x00 (0) > [740] : 0x00 (0) > [741] : 0x00 (0) > [742] : 0x00 (0) > [743] : 0x00 (0) > [744] : 0x00 (0) > [745] : 0x00 (0) > [746] : 0x00 (0) > [747] : 0x00 (0) > [748] : 0x00 (0) > [749] : 0x00 (0) > [750] : 0x00 (0) > [751] : 0x00 (0) > [752] : 0x00 (0) > [753] : 0x00 (0) > [754] : 0x00 (0) > [755] : 0x00 (0) > [756] : 0x00 (0) > [757] : 0x00 (0) > [758] : 0x00 (0) > [759] : 0x00 (0) > [760] : 0x00 (0) > [761] : 0x00 (0) > [762] : 0x00 (0) > [763] : 0x00 (0) > [764] : 0x00 (0) > [765] : 0x00 (0) > [766] : 0x00 (0) > [767] : 0x00 (0) > [768] : 0x00 (0) > [769] : 0x00 (0) > [770] : 0x00 (0) > [771] : 0x00 (0) > [772] : 0x00 (0) > [773] : 0x00 (0) > [774] : 0x00 (0) > [775] : 0x00 (0) > [776] : 0x00 (0) > [777] : 0x00 (0) > [778] : 0x00 (0) > [779] : 0x00 (0) > [780] : 0x00 (0) > [781] : 0x00 (0) > [782] : 0x00 (0) > [783] : 0x00 (0) > [784] : 0x00 (0) > [785] : 0x00 (0) > [786] : 0x00 (0) > [787] : 0x00 (0) > [788] : 0x00 (0) > [789] : 0x00 (0) > [790] : 0x00 (0) > [791] : 0x00 (0) > [792] : 0x00 (0) > [793] : 0x00 (0) > [794] : 0x00 (0) > [795] : 0x00 (0) > [796] : 0x00 (0) > [797] : 0x00 (0) > [798] : 0x00 (0) > [799] : 0x00 (0) > [800] : 0x00 (0) > [801] : 0x00 (0) > [802] : 0x00 (0) > [803] : 0x00 (0) > [804] : 0x00 (0) > [805] : 0x00 (0) > [806] : 0x00 (0) > [807] : 0x00 (0) > [808] : 0x00 (0) > [809] : 0x00 (0) > [810] : 0x00 (0) > [811] : 0x00 (0) > [812] : 0x00 (0) > [813] : 0x00 (0) > [814] : 0x00 (0) > [815] : 0x00 (0) > [816] : 0x00 (0) > [817] : 0x00 (0) > [818] : 0x00 (0) > [819] : 0x00 (0) > [820] : 0x00 (0) > [821] : 0x00 (0) > [822] : 0x00 (0) > [823] : 0x00 (0) > [824] : 0x00 (0) > [825] : 0x00 (0) > [826] : 0x00 (0) > [827] : 0x00 (0) > [828] : 0x00 (0) > [829] : 0x00 (0) > [830] : 0x00 (0) > [831] : 0x00 (0) > [832] : 0x00 (0) > [833] : 0x00 (0) > [834] : 0x00 (0) > [835] : 0x00 (0) > [836] : 0x00 (0) > [837] : 0x00 (0) > [838] : 0x00 (0) > [839] : 0x00 (0) > [840] : 0x00 (0) > [841] : 0x00 (0) > [842] : 0x00 (0) > [843] : 0x00 (0) > [844] : 0x00 (0) > [845] : 0x00 (0) > [846] : 0x00 (0) > [847] : 0x00 (0) > [848] : 0x00 (0) > [849] : 0x00 (0) > [850] : 0x00 (0) > [851] : 0x00 (0) > [852] : 0x00 (0) > [853] : 0x00 (0) > [854] : 0x00 (0) > [855] : 0x00 (0) > [856] : 0x00 (0) > [857] : 0x00 (0) > [858] : 0x00 (0) > [859] : 0x00 (0) > [860] : 0x00 (0) > [861] : 0x00 (0) > [862] : 0x00 (0) > [863] : 0x00 (0) > [864] : 0x00 (0) > [865] : 0x00 (0) > [866] : 0x00 (0) > [867] : 0x00 (0) > [868] : 0x00 (0) > [869] : 0x00 (0) > [870] : 0x00 (0) > [871] : 0x00 (0) > [872] : 0x00 (0) > [873] : 0x00 (0) > [874] : 0x00 (0) > [875] : 0x00 (0) > [876] : 0x00 (0) > [877] : 0x00 (0) > [878] : 0x00 (0) > [879] : 0x00 (0) > [880] : 0x00 (0) > [881] : 0x00 (0) > [882] : 0x00 (0) > [883] : 0x00 (0) > [884] : 0x00 (0) > [885] : 0x00 (0) > [886] : 0x00 (0) > [887] : 0x00 (0) > [888] : 0x00 (0) > [889] : 0x00 (0) > [890] : 0x00 (0) > [891] : 0x00 (0) > [892] : 0x00 (0) > [893] : 0x00 (0) > [894] : 0x00 (0) > [895] : 0x00 (0) > [896] : 0x00 (0) > [897] : 0x00 (0) > [898] : 0x00 (0) > [899] : 0x00 (0) > [900] : 0x00 (0) > [901] : 0x00 (0) > [902] : 0x00 (0) > [903] : 0x00 (0) > [904] : 0x00 (0) > [905] : 0x00 (0) > [906] : 0x00 (0) > [907] : 0x00 (0) > [908] : 0x00 (0) > [909] : 0x00 (0) > [910] : 0x00 (0) > [911] : 0x00 (0) > [912] : 0x00 (0) > [913] : 0x00 (0) > [914] : 0x00 (0) > [915] : 0x00 (0) > [916] : 0x00 (0) > [917] : 0x00 (0) > [918] : 0x00 (0) > [919] : 0x00 (0) > [920] : 0x00 (0) > [921] : 0x00 (0) > [922] : 0x00 (0) > [923] : 0x00 (0) > [924] : 0x00 (0) > [925] : 0x00 (0) > [926] : 0x00 (0) > [927] : 0x00 (0) > [928] : 0x00 (0) > [929] : 0x00 (0) > [930] : 0x00 (0) > [931] : 0x00 (0) > [932] : 0x00 (0) > [933] : 0x00 (0) > [934] : 0x00 (0) > [935] : 0x00 (0) > [936] : 0x00 (0) > [937] : 0x00 (0) > [938] : 0x00 (0) > [939] : 0x00 (0) > [940] : 0x00 (0) > [941] : 0x00 (0) > [942] : 0x00 (0) > [943] : 0x00 (0) > [944] : 0x00 (0) > [945] : 0x00 (0) > [946] : 0x00 (0) > [947] : 0x00 (0) > [948] : 0x00 (0) > [949] : 0x00 (0) > [950] : 0x00 (0) > [951] : 0x00 (0) > [952] : 0x00 (0) > [953] : 0x00 (0) > [954] : 0x00 (0) > [955] : 0x00 (0) > [956] : 0x00 (0) > [957] : 0x00 (0) > [958] : 0x00 (0) > [959] : 0x00 (0) > [960] : 0x00 (0) > [961] : 0x00 (0) > [962] : 0x00 (0) > [963] : 0x00 (0) > [964] : 0x00 (0) > [965] : 0x00 (0) > [966] : 0x00 (0) > [967] : 0x00 (0) > [968] : 0x00 (0) > [969] : 0x00 (0) > [970] : 0x00 (0) > [971] : 0x00 (0) > [972] : 0x00 (0) > [973] : 0x00 (0) > [974] : 0x00 (0) > [975] : 0x00 (0) > [976] : 0x00 (0) > [977] : 0x00 (0) > [978] : 0x00 (0) > [979] : 0x00 (0) > [980] : 0x00 (0) > [981] : 0x00 (0) > [982] : 0x00 (0) > [983] : 0x00 (0) > [984] : 0x00 (0) > [985] : 0x00 (0) > [986] : 0x00 (0) > [987] : 0x00 (0) > [988] : 0x00 (0) > [989] : 0x00 (0) > [990] : 0x00 (0) > [991] : 0x00 (0) > [992] : 0x00 (0) > [993] : 0x00 (0) > [994] : 0x00 (0) > [995] : 0x00 (0) > [996] : 0x00 (0) > [997] : 0x00 (0) > [998] : 0x00 (0) > [999] : 0x00 (0) > [1000] : 0x00 (0) > [1001] : 0x00 (0) > [1002] : 0x00 (0) > [1003] : 0x00 (0) > [1004] : 0x00 (0) > [1005] : 0x00 (0) > [1006] : 0x00 (0) > [1007] : 0x00 (0) > [1008] : 0x00 (0) > [1009] : 0x00 (0) > [1010] : 0x00 (0) > [1011] : 0x00 (0) > [1012] : 0x00 (0) > [1013] : 0x00 (0) > [1014] : 0x00 (0) > [1015] : 0x00 (0) > [1016] : 0x00 (0) > [1017] : 0x00 (0) > [1018] : 0x00 (0) > [1019] : 0x00 (0) > [1020] : 0x00 (0) > [1021] : 0x00 (0) > [1022] : 0x00 (0) > [1023] : 0x00 (0) > needed : * > needed : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:54.745667, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:54.745812, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 72 >[2012/08/30 15:27:54.745947, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/08/30 15:27:54.746067, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1040. >[2012/08/30 15:27:54.746194, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0428 (1064) > auth_length : 0x0000 (0) > call_id : 0x00000006 (6) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000410 (1040) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1040 > [0000] 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 ........ ........ >[2012/08/30 15:27:54.752886, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:54.753015, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:54.753147, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1064 bytes. There is no more data outstanding >[2012/08/30 15:27:54.753278, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1064] (align 0) >[2012/08/30 15:27:54.753398, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.753460, 5] lib/util.c:342(show_msg) > size=1120 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9536 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1064 (0x428) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1064 (0x428) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1065 >[2012/08/30 15:27:54.754801, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 28 04 00 00 06 00 00 ........ .(...... > [0010] 00 10 04 00 00 00 00 00 00 00 00 00 00 00 04 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.758077, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 2240 >[2012/08/30 15:27:54.758238, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8c0 >[2012/08/30 15:27:54.758358, 3] smbd/process.c:1662(process_smb) > Transaction 71 of length 2244 (0 toread) >[2012/08/30 15:27:54.758497, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:54.758559, 5] lib/util.c:342(show_msg) > size=2240 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9600 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2156 (0x86C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 2156 (0x86C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17760 (0x4560) > smb_bcc=2173 >[2012/08/30 15:27:54.760444, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 6C 08 00 00 07 00 00 ........ .l...... > [0020] 00 54 08 00 00 00 00 35 00 00 00 00 00 40 00 00 .T.....5 .....@.. > [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 00 00 02 .....?P. ........ > [0040] 00 0C 00 00 00 00 00 00 00 0C 00 00 00 57 00 69 ........ .....W.i > [0050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 78 00 36 .n.d.o.w .s. .x.6 > [0060] 00 34 00 00 00 06 00 00 00 04 00 02 00 00 08 00 .4...... ........ > [0070] 00 58 01 3B 00 00 00 00 00 D0 64 3B 00 00 00 00 .X.;.... ..d;.... > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:54.762697, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:54.762822, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:54.762949, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=2156 params=0 setup=2 >[2012/08/30 15:27:54.763071, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:54.763226, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:54.763344, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:54.763462, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4560) >[2012/08/30 15:27:54.763613, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 4280 >[2012/08/30 15:27:54.763734, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 2156 >[2012/08/30 15:27:54.763855, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 2156 >[2012/08/30 15:27:54.763972, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 2156 >[2012/08/30 15:27:54.764090, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 2156, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:54.764214, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:54.764331, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 2140 >[2012/08/30 15:27:54.764448, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 2140 >[2012/08/30 15:27:54.764567, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:54.764684, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 2140 >[2012/08/30 15:27:54.764800, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 2140, incoming data = 2140 >[2012/08/30 15:27:54.764924, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:54.765049, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x086c (2156) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000854 (2132) > context_id : 0x0000 (0) > opnum : 0x0035 (53) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=2132 > [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 00 00 02 00 0C 00 00 00 00 00 00 00 ........ ........ > [0020] 0C 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 ....W.i. n.d.o.w. > [0030] 73 00 20 00 78 00 36 00 34 00 00 00 06 00 00 00 s. .x.6. 4....... > [0040] 04 00 02 00 00 08 00 00 58 01 3B 00 00 00 00 00 ........ X.;..... > [0050] D0 64 3B 00 00 00 00 00 00 00 00 00 00 00 00 00 .d;..... ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] C5 26 00 E3 01 F5 04 00 58 01 3B 00 00 00 00 00 .&...... X.;..... > [0460] D0 64 3B 00 00 00 00 00 28 9A 01 00 20 42 02 00 .d;..... (... B.. > [0470] 00 00 00 00 00 00 00 00 28 9A 01 00 20 42 02 00 ........ (... B.. > [0480] 01 00 00 00 2C 20 00 00 FC 82 29 00 00 00 00 00 ...., .. ..)..... > [0490] 90 D0 03 00 E8 62 05 00 00 00 00 00 00 00 00 00 .....b.. ........ > [04A0] 90 D0 03 00 E8 62 05 00 01 00 00 00 EA 1F 00 00 .....b.. ........ > [04B0] DA 82 29 00 00 00 00 00 E0 8D 05 00 E8 EB 03 00 ..)..... ........ > [04C0] 00 00 00 00 00 00 00 00 E0 8D 05 00 E8 EB 03 00 ........ ........ > [04D0] 01 00 00 00 B8 1F 00 00 C8 82 29 00 00 00 00 00 ........ ..)..... > [04E0] E8 EB 03 00 E0 8D 05 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] E8 EB 03 00 E0 8D 05 00 01 00 00 00 7A 1F 00 00 ........ ....z... > [0500] AA 82 29 00 00 00 00 00 28 11 03 00 20 36 04 00 ..)..... (... 6.. > [0510] 00 00 00 00 00 00 00 00 28 11 03 00 20 36 04 00 ........ (... 6.. > [0520] 01 00 00 00 38 1F 00 00 88 82 29 00 00 00 00 00 ....8... ..)..... > [0530] E8 EB 03 00 F0 C6 02 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] E8 EB 03 00 F0 C6 02 00 01 00 00 00 F0 1E 00 00 ........ ........ > [0550] 60 82 29 00 00 00 00 00 F0 C6 02 00 E8 EB 03 00 `.)..... ........ > [0560] 00 00 00 00 00 00 00 00 F0 C6 02 00 E8 EB 03 00 ........ ........ > [0570] 01 00 00 00 BE 1E 00 00 4E 82 29 00 00 00 00 00 ........ N.)..... > [0580] F0 C6 02 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] F0 C6 02 00 E8 EB 03 00 01 00 00 00 7C 1E 00 00 ........ ....|... > [05A0] 2C 82 29 00 00 00 00 00 F0 C6 02 00 00 F4 01 00 ,.)..... ........ > [05B0] 00 00 00 00 00 00 00 00 F0 C6 02 00 00 F4 01 00 ........ ........ > [05C0] 01 00 00 00 4A 1E 00 00 1A 82 29 00 00 00 00 00 ....J... ..)..... > [05D0] 00 F4 01 00 F0 C6 02 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 F4 01 00 F0 C6 02 00 01 00 00 00 10 1E 00 00 ........ ........ > [05F0] 00 82 29 00 00 00 00 00 B8 96 06 00 D0 86 08 00 ..)..... ........ > [0600] 00 00 00 00 00 00 00 00 B8 96 06 00 D0 86 08 00 ........ ........ > [0610] 01 00 00 00 D6 1D 00 00 E6 81 29 00 00 00 00 00 ........ ..)..... > [0620] D0 86 08 00 70 2D 0D 00 00 00 00 00 00 00 00 00 ....p-.. ........ > [0630] D0 86 08 00 70 2D 0D 00 01 00 00 00 7A 1D 00 00 ....p-.. ....z... > [0640] AA 81 29 00 00 00 00 00 20 42 02 00 40 0D 03 00 ..)..... B..@... > [0650] 00 00 00 00 00 00 00 00 20 42 02 00 40 0D 03 00 ........ B..@... > [0660] 01 00 00 00 40 1D 00 00 90 81 29 00 00 00 00 00 ....@... ..)..... > [0670] 70 2D 0D 00 A0 0D 11 00 00 00 00 00 00 00 00 00 p-...... ........ > [0680] 70 2D 0D 00 A0 0D 11 00 01 00 00 00 06 1D 00 00 p-...... ........ > [0690] 76 81 29 00 00 00 00 00 47 99 01 00 94 AE 03 00 v.)..... G....... > [06A0] 00 00 00 00 00 00 00 00 47 99 01 00 94 AE 03 00 ........ G....... > [06B0] 01 00 00 00 CC 1C 00 00 5C 81 29 00 00 00 00 00 ........ \.)..... > [06C0] 7C BE 01 00 65 05 04 00 00 00 00 00 00 00 00 00 |...e... ........ > [06D0] 7C BE 01 00 65 05 04 00 01 00 00 00 92 1C 00 00 |...e... ........ > [06E0] 42 81 29 00 00 00 00 00 4A D7 01 00 68 43 04 00 B.)..... J...hC.. > [06F0] 00 00 00 00 00 00 00 00 4A D7 01 00 68 43 04 00 ........ J...hC.. > [0700] 01 00 00 00 58 1C 00 00 28 81 29 00 00 00 00 00 ....X... (.)..... > [0710] 18 F0 01 00 04 75 04 00 00 00 00 00 00 00 00 00 .....u.. ........ > [0720] 18 F0 01 00 04 75 04 00 01 00 00 00 20 1C 00 00 .....u.. .... ... > [0730] 10 81 29 00 00 00 00 00 79 80 01 00 91 70 03 00 ..)..... y....p.. > [0740] 00 00 00 00 00 00 00 00 79 80 01 00 91 70 03 00 ........ y....p.. > [0750] 01 00 00 00 E8 1B 00 00 F8 80 29 00 00 00 00 00 ........ ..)..... > [0760] 90 D0 03 00 E8 62 05 00 00 00 00 00 00 00 00 00 .....b.. ........ > [0770] 90 D0 03 00 E8 62 05 00 01 00 00 00 B0 1B 00 00 .....b.. ........ > [0780] E0 80 29 00 00 00 00 00 80 AF 02 00 90 D0 03 00 ..)..... ........ > [0790] 00 00 00 00 00 00 00 00 80 AF 02 00 90 D0 03 00 ........ ........ > [07A0] 01 00 00 00 78 1B 00 00 C8 80 29 00 00 00 00 00 ....x... ..)..... > [07B0] 80 AF 02 00 48 E8 01 00 00 00 00 00 00 00 00 00 ....H... ........ > [07C0] 80 AF 02 00 48 E8 01 00 01 00 00 00 40 1B 00 00 ....H... ....@... > [07D0] B0 80 29 00 00 00 00 00 A0 F1 04 00 10 FD 06 00 ..)..... ........ > [07E0] 00 00 00 00 00 00 00 00 A0 F1 04 00 10 FD 06 00 ........ ........ > [07F0] 01 00 00 00 08 1B 00 00 98 80 29 00 00 00 00 00 ........ ..)..... > [0800] 88 7E 03 00 A0 F1 04 00 00 00 00 00 00 00 00 00 .~...... ........ > [0810] 88 7E 03 00 A0 F1 04 00 01 00 00 00 D0 1A 00 00 .~...... ........ > [0820] 80 80 29 00 00 00 00 00 D0 78 02 00 88 7E 03 00 ..)..... .x...~.. > [0830] 00 00 00 00 00 00 00 00 D0 78 02 00 88 7E 03 00 ........ .x...~.. > [0840] 01 00 00 00 98 1A 00 00 00 08 00 00 03 00 00 00 ........ ........ > [0850] 00 00 00 00 .... >[2012/08/30 15:27:54.777604, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:54.777735, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:54.777859, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:54.778005, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 >[2012/08/30 15:27:54.778128, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[53].fn == 0x7fd50aecc260 >[2012/08/30 15:27:54.778332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 > in: struct spoolss_GetPrinterDriver2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000040-0000-0000-3f50-babeee0b0000 > architecture : * > architecture : 'Windows x64' > level : 0x00000006 (6) > buffer : * > buffer : DATA_BLOB length=2048 > [0000] 58 01 3B 00 00 00 00 00 D0 64 3B 00 00 00 00 00 X.;..... .d;..... > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 C5 26 00 E3 01 F5 04 00 ........ .&...... > [0410] 58 01 3B 00 00 00 00 00 D0 64 3B 00 00 00 00 00 X.;..... .d;..... > [0420] 28 9A 01 00 20 42 02 00 00 00 00 00 00 00 00 00 (... B.. ........ > [0430] 28 9A 01 00 20 42 02 00 01 00 00 00 2C 20 00 00 (... B.. ...., .. > [0440] FC 82 29 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ..)..... .....b.. > [0450] 00 00 00 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ........ .....b.. > [0460] 01 00 00 00 EA 1F 00 00 DA 82 29 00 00 00 00 00 ........ ..)..... > [0470] E0 8D 05 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] E0 8D 05 00 E8 EB 03 00 01 00 00 00 B8 1F 00 00 ........ ........ > [0490] C8 82 29 00 00 00 00 00 E8 EB 03 00 E0 8D 05 00 ..)..... ........ > [04A0] 00 00 00 00 00 00 00 00 E8 EB 03 00 E0 8D 05 00 ........ ........ > [04B0] 01 00 00 00 7A 1F 00 00 AA 82 29 00 00 00 00 00 ....z... ..)..... > [04C0] 28 11 03 00 20 36 04 00 00 00 00 00 00 00 00 00 (... 6.. ........ > [04D0] 28 11 03 00 20 36 04 00 01 00 00 00 38 1F 00 00 (... 6.. ....8... > [04E0] 88 82 29 00 00 00 00 00 E8 EB 03 00 F0 C6 02 00 ..)..... ........ > [04F0] 00 00 00 00 00 00 00 00 E8 EB 03 00 F0 C6 02 00 ........ ........ > [0500] 01 00 00 00 F0 1E 00 00 60 82 29 00 00 00 00 00 ........ `.)..... > [0510] F0 C6 02 00 E8 EB 03 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] F0 C6 02 00 E8 EB 03 00 01 00 00 00 BE 1E 00 00 ........ ........ > [0530] 4E 82 29 00 00 00 00 00 F0 C6 02 00 E8 EB 03 00 N.)..... ........ > [0540] 00 00 00 00 00 00 00 00 F0 C6 02 00 E8 EB 03 00 ........ ........ > [0550] 01 00 00 00 7C 1E 00 00 2C 82 29 00 00 00 00 00 ....|... ,.)..... > [0560] F0 C6 02 00 00 F4 01 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] F0 C6 02 00 00 F4 01 00 01 00 00 00 4A 1E 00 00 ........ ....J... > [0580] 1A 82 29 00 00 00 00 00 00 F4 01 00 F0 C6 02 00 ..)..... ........ > [0590] 00 00 00 00 00 00 00 00 00 F4 01 00 F0 C6 02 00 ........ ........ > [05A0] 01 00 00 00 10 1E 00 00 00 82 29 00 00 00 00 00 ........ ..)..... > [05B0] B8 96 06 00 D0 86 08 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] B8 96 06 00 D0 86 08 00 01 00 00 00 D6 1D 00 00 ........ ........ > [05D0] E6 81 29 00 00 00 00 00 D0 86 08 00 70 2D 0D 00 ..)..... ....p-.. > [05E0] 00 00 00 00 00 00 00 00 D0 86 08 00 70 2D 0D 00 ........ ....p-.. > [05F0] 01 00 00 00 7A 1D 00 00 AA 81 29 00 00 00 00 00 ....z... ..)..... > [0600] 20 42 02 00 40 0D 03 00 00 00 00 00 00 00 00 00 B..@... ........ > [0610] 20 42 02 00 40 0D 03 00 01 00 00 00 40 1D 00 00 B..@... ....@... > [0620] 90 81 29 00 00 00 00 00 70 2D 0D 00 A0 0D 11 00 ..)..... p-...... > [0630] 00 00 00 00 00 00 00 00 70 2D 0D 00 A0 0D 11 00 ........ p-...... > [0640] 01 00 00 00 06 1D 00 00 76 81 29 00 00 00 00 00 ........ v.)..... > [0650] 47 99 01 00 94 AE 03 00 00 00 00 00 00 00 00 00 G....... ........ > [0660] 47 99 01 00 94 AE 03 00 01 00 00 00 CC 1C 00 00 G....... ........ > [0670] 5C 81 29 00 00 00 00 00 7C BE 01 00 65 05 04 00 \.)..... |...e... > [0680] 00 00 00 00 00 00 00 00 7C BE 01 00 65 05 04 00 ........ |...e... > [0690] 01 00 00 00 92 1C 00 00 42 81 29 00 00 00 00 00 ........ B.)..... > [06A0] 4A D7 01 00 68 43 04 00 00 00 00 00 00 00 00 00 J...hC.. ........ > [06B0] 4A D7 01 00 68 43 04 00 01 00 00 00 58 1C 00 00 J...hC.. ....X... > [06C0] 28 81 29 00 00 00 00 00 18 F0 01 00 04 75 04 00 (.)..... .....u.. > [06D0] 00 00 00 00 00 00 00 00 18 F0 01 00 04 75 04 00 ........ .....u.. > [06E0] 01 00 00 00 20 1C 00 00 10 81 29 00 00 00 00 00 .... ... ..)..... > [06F0] 79 80 01 00 91 70 03 00 00 00 00 00 00 00 00 00 y....p.. ........ > [0700] 79 80 01 00 91 70 03 00 01 00 00 00 E8 1B 00 00 y....p.. ........ > [0710] F8 80 29 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ..)..... .....b.. > [0720] 00 00 00 00 00 00 00 00 90 D0 03 00 E8 62 05 00 ........ .....b.. > [0730] 01 00 00 00 B0 1B 00 00 E0 80 29 00 00 00 00 00 ........ ..)..... > [0740] 80 AF 02 00 90 D0 03 00 00 00 00 00 00 00 00 00 ........ ........ > [0750] 80 AF 02 00 90 D0 03 00 01 00 00 00 78 1B 00 00 ........ ....x... > [0760] C8 80 29 00 00 00 00 00 80 AF 02 00 48 E8 01 00 ..)..... ....H... > [0770] 00 00 00 00 00 00 00 00 80 AF 02 00 48 E8 01 00 ........ ....H... > [0780] 01 00 00 00 40 1B 00 00 B0 80 29 00 00 00 00 00 ....@... ..)..... > [0790] A0 F1 04 00 10 FD 06 00 00 00 00 00 00 00 00 00 ........ ........ > [07A0] A0 F1 04 00 10 FD 06 00 01 00 00 00 08 1B 00 00 ........ ........ > [07B0] 98 80 29 00 00 00 00 00 88 7E 03 00 A0 F1 04 00 ..)..... .~...... > [07C0] 00 00 00 00 00 00 00 00 88 7E 03 00 A0 F1 04 00 ........ .~...... > [07D0] 01 00 00 00 D0 1A 00 00 80 80 29 00 00 00 00 00 ........ ..)..... > [07E0] D0 78 02 00 88 7E 03 00 00 00 00 00 00 00 00 00 .x...~.. ........ > [07F0] D0 78 02 00 88 7E 03 00 01 00 00 00 98 1A 00 00 .x...~.. ........ > offered : 0x00000800 (2048) > client_major_version : 0x00000003 (3) > client_minor_version : 0x00000000 (0) >[2012/08/30 15:27:54.788920, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) > _spoolss_GetPrinterDriver2 >[2012/08/30 15:27:54.789093, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.789305, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.789500, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:54.789629, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:54.789754, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:54.789872, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:54.790015, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:54.790152, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.790953, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.791074, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:54.791195, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.791329, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.791472, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.791625, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.791779, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.791912, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.792036, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.793168, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000049-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.793710, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000049-0000-0000-3f50-babeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.795372, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.795620, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:54.795740, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:54.795863, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.795980, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.796102, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.796218, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.796426, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:54.796562, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:54.796681, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.796801, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.796918, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.797038, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.797157, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.797291, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.797423, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:54.797542, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:54.797662, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.797779, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.797899, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.798016, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.798148, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.798279, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:54.798398, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:54.798542, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.798659, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.798794, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.798910, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.799052, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.799171, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:54.799343, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.799461, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.799615, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.799732, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.799873, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:54.799993, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:54.800116, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.800235, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.800354, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.800489, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.800630, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.800766, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:54.800885, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:54.801006, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.801124, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.801259, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.801376, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.801514, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.801649, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.801770, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:54.801905, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:54.802031, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:54.802153, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:54.802271, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:54.802409, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.802530, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.802725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.803255, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:54.804005, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.804201, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:54.804322, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.804458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:54.804596, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:54.804731, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:54.804851, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:54.804971, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:54.805090, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:54.805209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:54.805329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:54.805449, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:54.805568, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:54.805719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:54.805844, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:54.805964, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:54.806083, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:54.806203, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:54.806322, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:54.806441, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:54.806577, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:54.806692, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.806902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:54.808621, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.809918, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.810116, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.810247, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.811630, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.812957, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.813152, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.813273, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:54.814840, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.816229, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.816436, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.816564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.817889, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.819349, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.819565, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.819701, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:54.823005, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.824371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.824584, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.824706, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:54.826732, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.828054, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.828252, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.828376, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:54.830549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.832852, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.833072, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.833195, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.834486, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.835832, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.836027, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.836149, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:54.852396, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.853683, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.853878, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.854002, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:54.856220, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.857661, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.857864, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.857989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.859367, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.860731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.860933, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.861060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.862381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.863745, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.863943, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.864070, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:54.866670, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.872270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.872423, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.872521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:54.874063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.875053, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.875196, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.875297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:54.876217, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.877366, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.878488, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.879865, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:54.881748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.883558, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.883918, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.884106, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:54.885969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.888004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.888299, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.888481, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.890458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.893230, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.893476, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.893605, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.894957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:54.896210, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.896407, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.896526, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:54.896646, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:54.896775, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:54.897452, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.898224, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.898343, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.898464, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.898581, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.898699, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.898828, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.898985, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.899118, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.899239, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.899441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004b-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.899975, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004b-0000-0000-3f50-babeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.901516, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.901715, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:54.901834, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:54.901954, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.902071, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.902191, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.902324, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:54.902462, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:54.902595, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:54.902715, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:54.902991, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.903112, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.903232, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.903349, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.903485, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:54.904399, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:54.904536, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:54.904659, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.904776, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.904895, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.905012, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.905147, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:54.905300, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:54.905420, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:54.905541, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.905659, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.905783, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.905920, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:54.906065, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.906186, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:54.906308, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.906426, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.906549, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.906666, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:54.906810, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:54.906933, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:54.907099, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.907238, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.907358, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.907474, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.907629, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:54.907786, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:54.907907, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:54.908029, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.908148, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.908278, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.908395, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.908557, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.908695, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.908820, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:54.908940, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:54.909060, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:54.909216, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:54.909343, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:54.909463, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:54.909589, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.909787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004c-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.910291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004c-0000-0000-3f50-babeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:54.911566, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.911783, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.911909, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:54.912030, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:54.912162, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.912309, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:54.912453, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:54.912574, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:54.912694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:54.912819, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:54.912940, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:54.913062, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:54.913184, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:54.913322, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:54.913443, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:54.913563, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:54.913686, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:54.913806, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:54.913926, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:54.914048, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:54.914170, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:54.914289, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:54.914408, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:54.914533, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:54.915216, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004c-0000-0000-3f50-babeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:54.916612, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.916817, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:54.916938, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:54.917060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:54.933132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004c-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.933586, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.933800, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4C 00 00 00 00 00 00 00 3F 50 BA BE ....L... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.933993, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.934134, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:54.934254, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.934735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004b-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.935160, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.935354, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4B 00 00 00 00 00 00 00 3F 50 BA BE ....K... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.935573, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.935691, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.935826, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.936307, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004a-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.936735, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.936929, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4A 00 00 00 00 00 00 00 3F 50 BA BE ....J... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.937125, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.937247, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:54.937365, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.937848, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000049-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:54.938261, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.938473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 49 00 00 00 00 00 00 00 3F 50 BA BE ....I... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.938666, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:54.938784, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:54.938905, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:54.939586, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/08/30 15:27:54.939753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.940605, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:54.940747, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:54.940869, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:54.940986, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:54.941104, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.941237, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:54.941400, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:54.941533, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.941658, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.941862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004d-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.942381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004d-0000-0000-3f50-babeee0b0000 > keyname: struct winreg_String > name_len : 0x00b4 (180) > name_size : 0x00b4 (180) > name : * > name : 'SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:54.944029, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.944254, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/30 15:27:54.944376, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:54.944497, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/30 15:27:54.944620, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/30 15:27:54.944741, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.944859, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] >[2012/08/30 15:27:54.945004, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2012/08/30 15:27:54.945143, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/30 15:27:54.945263, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:54.945385, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.945521, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.945640, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.945757, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.945916, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:54.946051, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/08/30 15:27:54.946179, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:54.946300, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.946421, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.946539, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.946655, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.946808, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:54.946953, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:54.947072, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:54.947192, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.947327, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.947446, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.947621, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.947759, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:54.947893, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Environments] >[2012/08/30 15:27:54.948012, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:54.948135, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:54.948252, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:54.948370, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.948520, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:54.948662, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:54.948797, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows x64] >[2012/08/30 15:27:54.948919, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:54.949039, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:54.949157, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:54.949275, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.949408, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:54.949542, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:54.949676, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Drivers] >[2012/08/30 15:27:54.949805, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:54.949926, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:54.950043, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:54.950162, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.950295, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:54.950428, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:54.950563, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Version-3] >[2012/08/30 15:27:54.950700, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:54.950967, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:54.951085, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:54.951204, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.951323, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:54.951457, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:54.951650, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:54.951770, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:54.951892, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.952009, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.952146, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:54.952262, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.952394, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.952517, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.952652, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:54.952773, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:54.952892, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:54.953038, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:54.953159, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:54.953277, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:54.953407, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:54.953531, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:54.953649, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:54.953769, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.953981, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > result : WERR_OK >[2012/08/30 15:27:54.954477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:54.955243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.955440, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:54.956393, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.956532, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Version] len[4] >[2012/08/30 15:27:54.956653, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Driver] len[26] >[2012/08/30 15:27:54.956790, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Data File] len[24] >[2012/08/30 15:27:54.956910, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Configuration File] len[20] >[2012/08/30 15:27:54.957030, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Help File] len[24] >[2012/08/30 15:27:54.957239, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Dependent Files] len[188] >[2012/08/30 15:27:54.957360, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Monitor] len[0] >[2012/08/30 15:27:54.957479, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Datatype] len[8] >[2012/08/30 15:27:54.957601, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Previous Names] len[2] >[2012/08/30 15:27:54.957728, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[DriverDate] len[22] >[2012/08/30 15:27:54.957848, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[DriverVersion] len[16] >[2012/08/30 15:27:54.957971, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Manufacturer] len[0] >[2012/08/30 15:27:54.958107, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[OEM URL] len[0] >[2012/08/30 15:27:54.958226, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[HardwareID] len[0] >[2012/08/30 15:27:54.958345, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Provider] len[0] >[2012/08/30 15:27:54.958480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Print Processor] len[0] >[2012/08/30 15:27:54.958599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[VendorSetup] len[0] >[2012/08/30 15:27:54.958719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Color Profiles] len[2] >[2012/08/30 15:27:54.958886, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[18]: name[InfPath] len[0] >[2012/08/30 15:27:54.959009, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[19]: name[PrinterDriverAttributes] len[4] >[2012/08/30 15:27:54.959128, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[20]: name[CoreDependencies] len[2] >[2012/08/30 15:27:54.959248, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[21]: name[MinInboxDriverVerDate] len[22] >[2012/08/30 15:27:54.959373, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[22]: name[MinInboxDriverVerVersion] len[16] >[2012/08/30 15:27:54.959535, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.959684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000017 (23) > max_valnamelen : * > max_valnamelen : 0x00000032 (50) > max_valbufsize : * > max_valbufsize : 0x000000bc (188) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:54.961191, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.962534, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.962731, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.962857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'Version' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x03 (3) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:54.964237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.965553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.965748, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.965886, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0034 (52) > name : * > name : 'Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x35 (53) > [15] : 0x00 (0) > [16] : 0x2e (46) > [17] : 0x00 (0) > [18] : 0x64 (100) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x6c (108) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:54.968596, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.969914, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.970109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.970256, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0034 (52) > name : * > name : 'Data File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x2e (46) > [15] : 0x00 (0) > [16] : 0x70 (112) > [17] : 0x00 (0) > [18] : 0x70 (112) > [19] : 0x00 (0) > [20] : 0x64 (100) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2012/08/30 15:27:54.972831, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.974131, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.974326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.974448, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0026 (38) > size : 0x0034 (52) > name : * > name : 'Configuration File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(20) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x35 (53) > [5] : 0x00 (0) > [6] : 0x75 (117) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x64 (100) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x6c (108) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > size : * > size : 0x00000014 (20) > length : * > length : 0x00000014 (20) > result : WERR_OK >[2012/08/30 15:27:54.977127, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.978438, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.978636, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.978758, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0034 (52) > name : * > name : 'Help File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x2e (46) > [15] : 0x00 (0) > [16] : 0x68 (104) > [17] : 0x00 (0) > [18] : 0x6c (108) > [19] : 0x00 (0) > [20] : 0x70 (112) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2012/08/30 15:27:54.981459, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.982778, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.983004, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.983132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0034 (52) > name : * > name : 'Dependent Files' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(188) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x35 (53) > [15] : 0x00 (0) > [16] : 0x2e (46) > [17] : 0x00 (0) > [18] : 0x64 (100) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x6c (108) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x48 (72) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x5f (95) > [31] : 0x00 (0) > [32] : 0x34 (52) > [33] : 0x00 (0) > [34] : 0x35 (53) > [35] : 0x00 (0) > [36] : 0x31 (49) > [37] : 0x00 (0) > [38] : 0x35 (53) > [39] : 0x00 (0) > [40] : 0x2e (46) > [41] : 0x00 (0) > [42] : 0x70 (112) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x64 (100) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x70 (112) > [51] : 0x00 (0) > [52] : 0x73 (115) > [53] : 0x00 (0) > [54] : 0x35 (53) > [55] : 0x00 (0) > [56] : 0x75 (117) > [57] : 0x00 (0) > [58] : 0x69 (105) > [59] : 0x00 (0) > [60] : 0x2e (46) > [61] : 0x00 (0) > [62] : 0x64 (100) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x6c (108) > [67] : 0x00 (0) > [68] : 0x00 (0) > [69] : 0x00 (0) > [70] : 0x70 (112) > [71] : 0x00 (0) > [72] : 0x73 (115) > [73] : 0x00 (0) > [74] : 0x63 (99) > [75] : 0x00 (0) > [76] : 0x72 (114) > [77] : 0x00 (0) > [78] : 0x69 (105) > [79] : 0x00 (0) > [80] : 0x70 (112) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x2e (46) > [85] : 0x00 (0) > [86] : 0x68 (104) > [87] : 0x00 (0) > [88] : 0x6c (108) > [89] : 0x00 (0) > [90] : 0x70 (112) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x70 (112) > [95] : 0x00 (0) > [96] : 0x73 (115) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x72 (114) > [101] : 0x00 (0) > [102] : 0x69 (105) > [103] : 0x00 (0) > [104] : 0x70 (112) > [105] : 0x00 (0) > [106] : 0x74 (116) > [107] : 0x00 (0) > [108] : 0x2e (46) > [109] : 0x00 (0) > [110] : 0x6e (110) > [111] : 0x00 (0) > [112] : 0x74 (116) > [113] : 0x00 (0) > [114] : 0x66 (102) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x63 (99) > [119] : 0x00 (0) > [120] : 0x75 (117) > [121] : 0x00 (0) > [122] : 0x70 (112) > [123] : 0x00 (0) > [124] : 0x73 (115) > [125] : 0x00 (0) > [126] : 0x36 (54) > [127] : 0x00 (0) > [128] : 0x2e (46) > [129] : 0x00 (0) > [130] : 0x69 (105) > [131] : 0x00 (0) > [132] : 0x6e (110) > [133] : 0x00 (0) > [134] : 0x69 (105) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x63 (99) > [139] : 0x00 (0) > [140] : 0x75 (117) > [141] : 0x00 (0) > [142] : 0x70 (112) > [143] : 0x00 (0) > [144] : 0x73 (115) > [145] : 0x00 (0) > [146] : 0x70 (112) > [147] : 0x00 (0) > [148] : 0x73 (115) > [149] : 0x00 (0) > [150] : 0x36 (54) > [151] : 0x00 (0) > [152] : 0x2e (46) > [153] : 0x00 (0) > [154] : 0x64 (100) > [155] : 0x00 (0) > [156] : 0x6c (108) > [157] : 0x00 (0) > [158] : 0x6c (108) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x63 (99) > [163] : 0x00 (0) > [164] : 0x75 (117) > [165] : 0x00 (0) > [166] : 0x70 (112) > [167] : 0x00 (0) > [168] : 0x73 (115) > [169] : 0x00 (0) > [170] : 0x75 (117) > [171] : 0x00 (0) > [172] : 0x69 (105) > [173] : 0x00 (0) > [174] : 0x36 (54) > [175] : 0x00 (0) > [176] : 0x2e (46) > [177] : 0x00 (0) > [178] : 0x64 (100) > [179] : 0x00 (0) > [180] : 0x6c (108) > [181] : 0x00 (0) > [182] : 0x6c (108) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > size : * > size : 0x000000bc (188) > length : * > length : 0x000000bc (188) > result : WERR_OK >[2012/08/30 15:27:54.996531, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:54.997850, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:54.998059, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:54.998188, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'Monitor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:54.999449, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.000785, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.000995, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.001122, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0034 (52) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:55.002690, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.004075, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.004286, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.004410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0034 (52) > name : * > name : 'Previous Names' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:55.005602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.006943, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.007139, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.007255, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0034 (52) > name : * > name : 'DriverDate' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(22) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x31 (49) > [3] : 0x00 (0) > [4] : 0x2f (47) > [5] : 0x00 (0) > [6] : 0x30 (48) > [7] : 0x00 (0) > [8] : 0x31 (49) > [9] : 0x00 (0) > [10] : 0x2f (47) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x30 (48) > [17] : 0x00 (0) > [18] : 0x31 (49) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > size : * > size : 0x00000016 (22) > length : * > length : 0x00000016 (22) > result : WERR_OK >[2012/08/30 15:27:55.009771, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.011233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.011438, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.012410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001c (28) > size : 0x0034 (52) > name : * > name : 'DriverVersion' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x2e (46) > [3] : 0x00 (0) > [4] : 0x30 (48) > [5] : 0x00 (0) > [6] : 0x2e (46) > [7] : 0x00 (0) > [8] : 0x30 (48) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x30 (48) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:55.014449, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.015795, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.016020, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.016145, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001a (26) > size : 0x0034 (52) > name : * > name : 'Manufacturer' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.017343, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.018637, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.018832, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.018969, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'OEM URL' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.020087, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.021371, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.021569, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.021689, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0034 (52) > name : * > name : 'HardwareID' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.022760, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.024271, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.024471, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.024593, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0034 (52) > name : * > name : 'Provider' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.025692, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.027012, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.027209, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.027334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0034 (52) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.028473, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.029794, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.029992, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.030113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0034 (52) > name : * > name : 'VendorSetup' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.031205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.032556, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.032751, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.032878, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0034 (52) > name : * > name : 'Color Profiles' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:55.034061, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000012 (18) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.035554, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.035762, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.035901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'InfPath' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.036979, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000013 (19) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.038280, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.038476, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.038600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0030 (48) > size : 0x0034 (52) > name : * > name : 'PrinterDriverAttributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:55.039986, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000014 (20) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.041319, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.041521, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.041648, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0034 (52) > name : * > name : 'CoreDependencies' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:55.042857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000015 (21) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.044233, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.044437, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.044566, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x002c (44) > size : 0x0034 (52) > name : * > name : 'MinInboxDriverVerDate' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(22) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x31 (49) > [3] : 0x00 (0) > [4] : 0x2f (47) > [5] : 0x00 (0) > [6] : 0x30 (48) > [7] : 0x00 (0) > [8] : 0x31 (49) > [9] : 0x00 (0) > [10] : 0x2f (47) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x30 (48) > [17] : 0x00 (0) > [18] : 0x31 (49) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > size : * > size : 0x00000016 (22) > length : * > length : 0x00000016 (22) > result : WERR_OK >[2012/08/30 15:27:55.047014, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 > enum_index : 0x00000016 (22) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:55.048489, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.048711, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:55.048835, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0032 (50) > size : 0x0034 (52) > name : * > name : 'MinInboxDriverVerVersion' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x2e (46) > [3] : 0x00 (0) > [4] : 0x30 (48) > [5] : 0x00 (0) > [6] : 0x2e (46) > [7] : 0x00 (0) > [8] : 0x30 (48) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x30 (48) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:55.051006, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004e-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:55.051464, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.051692, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4E 00 00 00 00 00 00 00 3F 50 BA BE ....N... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.051886, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:55.052007, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:55.052128, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:55.052622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004d-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:55.053036, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.053230, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4D 00 00 00 00 00 00 00 3F 50 BA BE ....M... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.053441, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:55.053558, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:55.053676, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:55.054155, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/08/30 15:27:55.054433, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 > out: struct spoolss_GetPrinterDriver2 > info : * > info : union spoolss_DriverInfo(case 6) > info6: struct spoolss_DriverInfo6 > version : SPOOLSS_DRIVER_VERSION_200X (3) > driver_name : * > driver_name : 'HP_4515' > architecture : * > architecture : 'Windows x64' > driver_path : * > driver_path : '\\orange\print$\x64\3\pscript5.dll' > data_file : * > data_file : '\\orange\print$\x64\3\HP_4515.ppd' > config_file : * > config_file : '\\orange\print$\x64\3\ps5ui.dll' > help_file : * > help_file : '\\orange\print$\x64\3\pscript.hlp' > dependent_files : * > dependent_files: ARRAY(8) > [0] : '\\orange\print$\x64\3\pscript5.dll' > [1] : '\\orange\print$\x64\3\HP_4515.ppd' > [2] : '\\orange\print$\x64\3\ps5ui.dll' > [3] : '\\orange\print$\x64\3\pscript.hlp' > [4] : '\\orange\print$\x64\3\pscript.ntf' > [5] : '\\orange\print$\x64\3\cups6.ini' > [6] : '\\orange\print$\x64\3\cupsps6.dll' > [7] : '\\orange\print$\x64\3\cupsui6.dll' > monitor_name : * > monitor_name : '' > default_datatype : * > default_datatype : 'RAW' > previous_names : NULL > driver_date : NTTIME(0) > driver_version : 0x0000000000000000 (0) > manufacturer_name : * > manufacturer_name : '' > manufacturer_url : * > manufacturer_url : '' > hardware_id : * > hardware_id : '' > provider : * > provider : '' > needed : * > needed : 0x000003e0 (992) > server_major_version : * > server_major_version : 0x00000000 (0) > server_minor_version : * > server_minor_version : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:55.057740, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:55.057871, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 2140 >[2012/08/30 15:27:55.058002, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/08/30 15:27:55.058124, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 2072. >[2012/08/30 15:27:55.058249, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0830 (2096) > auth_length : 0x0000 (0) > call_id : 0x00000007 (7) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000818 (2072) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=2072 > [0000] 08 00 02 00 00 08 00 00 03 00 00 00 F0 07 00 00 ........ ........ > [0010] D8 07 00 00 92 07 00 00 4E 07 00 00 0E 07 00 00 ........ N....... > [0020] CA 06 00 00 AE 04 00 00 AC 04 00 00 A4 04 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 A2 04 00 00 A0 04 00 00 ........ ........ > [0050] 9E 04 00 00 9C 04 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 52 00 41 00 ........ ....R.A. > [04B0] 57 00 00 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 W.....\. \.o.r.a. > [04C0] 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 n.g.e.\. p.r.i.n. > [04D0] 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 t.$.\.x. 6.4.\.3. > [04E0] 5C 00 70 00 73 00 63 00 72 00 69 00 70 00 74 00 \.p.s.c. r.i.p.t. > [04F0] 35 00 2E 00 64 00 6C 00 6C 00 00 00 5C 00 5C 00 5...d.l. l...\.\. > [0500] 6F 00 72 00 61 00 6E 00 67 00 65 00 5C 00 70 00 o.r.a.n. g.e.\.p. > [0510] 72 00 69 00 6E 00 74 00 24 00 5C 00 78 00 36 00 r.i.n.t. $.\.x.6. > [0520] 34 00 5C 00 33 00 5C 00 48 00 50 00 5F 00 34 00 4.\.3.\. H.P._.4. > [0530] 35 00 31 00 35 00 2E 00 70 00 70 00 64 00 00 00 5.1.5... p.p.d... > [0540] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0550] 5C 00 70 00 72 00 69 00 6E 00 74 00 24 00 5C 00 \.p.r.i. n.t.$.\. > [0560] 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 00 x.6.4.\. 3.\.p.s. > [0570] 35 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 00 00 5.u.i... d.l.l... > [0580] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0590] 5C 00 70 00 72 00 69 00 6E 00 74 00 24 00 5C 00 \.p.r.i. n.t.$.\. > [05A0] 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 00 x.6.4.\. 3.\.p.s. > [05B0] 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C 00 c.r.i.p. t...h.l. > [05C0] 70 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 p...\.\. o.r.a.n. > [05D0] 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 74 00 g.e.\.p. r.i.n.t. > [05E0] 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 $.\.x.6. 4.\.3.\. > [05F0] 70 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 p.s.c.r. i.p.t... > [0600] 6E 00 74 00 66 00 00 00 5C 00 5C 00 6F 00 72 00 n.t.f... \.\.o.r. > [0610] 61 00 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 a.n.g.e. \.p.r.i. > [0620] 6E 00 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 n.t.$.\. x.6.4.\. > [0630] 33 00 5C 00 63 00 75 00 70 00 73 00 36 00 2E 00 3.\.c.u. p.s.6... > [0640] 69 00 6E 00 69 00 00 00 5C 00 5C 00 6F 00 72 00 i.n.i... \.\.o.r. > [0650] 61 00 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 a.n.g.e. \.p.r.i. > [0660] 6E 00 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 n.t.$.\. x.6.4.\. > [0670] 33 00 5C 00 63 00 75 00 70 00 73 00 70 00 73 00 3.\.c.u. p.s.p.s. > [0680] 36 00 2E 00 64 00 6C 00 6C 00 00 00 5C 00 5C 00 6...d.l. l...\.\. > [0690] 6F 00 72 00 61 00 6E 00 67 00 65 00 5C 00 70 00 o.r.a.n. g.e.\.p. > [06A0] 72 00 69 00 6E 00 74 00 24 00 5C 00 78 00 36 00 r.i.n.t. $.\.x.6. > [06B0] 34 00 5C 00 33 00 5C 00 63 00 75 00 70 00 73 00 4.\.3.\. c.u.p.s. > [06C0] 75 00 69 00 36 00 2E 00 64 00 6C 00 6C 00 00 00 u.i.6... d.l.l... > [06D0] 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 ..\.\.o. r.a.n.g. > [06E0] 65 00 5C 00 70 00 72 00 69 00 6E 00 74 00 24 00 e.\.p.r. i.n.t.$. > [06F0] 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 \.x.6.4. \.3.\.p. > [0700] 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 s.c.r.i. p.t...h. > [0710] 6C 00 70 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 l.p...\. \.o.r.a. > [0720] 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 n.g.e.\. p.r.i.n. > [0730] 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 t.$.\.x. 6.4.\.3. > [0740] 5C 00 70 00 73 00 35 00 75 00 69 00 2E 00 64 00 \.p.s.5. u.i...d. > [0750] 6C 00 6C 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 l.l...\. \.o.r.a. > [0760] 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 n.g.e.\. p.r.i.n. > [0770] 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 t.$.\.x. 6.4.\.3. > [0780] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0790] 2E 00 70 00 70 00 64 00 00 00 5C 00 5C 00 6F 00 ..p.p.d. ..\.\.o. > [07A0] 72 00 61 00 6E 00 67 00 65 00 5C 00 70 00 72 00 r.a.n.g. e.\.p.r. > [07B0] 69 00 6E 00 74 00 24 00 5C 00 78 00 36 00 34 00 i.n.t.$. \.x.6.4. > [07C0] 5C 00 33 00 5C 00 70 00 73 00 63 00 72 00 69 00 \.3.\.p. s.c.r.i. > [07D0] 70 00 74 00 35 00 2E 00 64 00 6C 00 6C 00 00 00 p.t.5... d.l.l... > [07E0] 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 W.i.n.d. o.w.s. . > [07F0] 78 00 36 00 34 00 00 00 48 00 50 00 5F 00 34 00 x.6.4... H.P._.4. > [0800] 35 00 31 00 35 00 00 00 E0 03 00 00 00 00 00 00 5.1.5... ........ > [0810] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:55.070619, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2234 >[2012/08/30 15:27:55.070756, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:55.070893, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 2096 bytes. There is no more data outstanding >[2012/08/30 15:27:55.071015, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..2096] (align 0) >[2012/08/30 15:27:55.071138, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.071199, 5] lib/util.c:342(show_msg) > size=2152 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9600 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 2096 (0x830) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 2096 (0x830) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=2097 >[2012/08/30 15:27:55.076254, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 08 00 00 07 00 00 ........ .0...... > [0010] 00 18 08 00 00 00 00 00 00 08 00 02 00 00 08 00 ........ ........ > [0020] 00 03 00 00 00 F0 07 00 00 D8 07 00 00 92 07 00 ........ ........ > [0030] 00 4E 07 00 00 0E 07 00 00 CA 06 00 00 AE 04 00 .N...... ........ > [0040] 00 AC 04 00 00 A4 04 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 A2 04 00 00 A0 04 00 00 9E 04 00 00 9C 04 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:55.080455, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 82 >[2012/08/30 15:27:55.080584, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x52 >[2012/08/30 15:27:55.080681, 3] smbd/process.c:1662(process_smb) > Transaction 72 of length 86 (0 toread) >[2012/08/30 15:27:55.080801, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.080842, 5] lib/util.c:342(show_msg) > size=82 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=9664 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 82 (0x52) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=39 >[2012/08/30 15:27:55.084106, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 4F 00 52 00 41 00 4E 00 47 00 45 .\.\.O.R .A.N.G.E > [0010] 00 5C 00 50 00 52 00 49 00 4E 00 54 00 24 00 00 .\.P.R.I .N.T.$.. > [0020] 00 3F 3F 3F 3F 3F 00 .?????. >[2012/08/30 15:27:55.084514, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 3054) conn 0x0 >[2012/08/30 15:27:55.084698, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.084897, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:55.085082, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:55.085361, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:55.085557, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] for share [PRINT$] >[2012/08/30 15:27:55.085757, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service print$ >[2012/08/30 15:27:55.085946, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:55.086163, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:55.086349, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:55.086529, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:55.086710, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.086888, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.087068, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.087259, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:55.087461, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:55.087791, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:55.091724, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:55.092021, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.092235, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.092449, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.092626, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.092820, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:55.093005, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:55.093280, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:55.101837, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:55.102215, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.102349, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:55.102467, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:55.102595, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:55.102712, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:55.102831, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:55.102952, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share print$ is ok for unix user administrator >[2012/08/30 15:27:55.103117, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:55.103249, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:55.103368, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:55.103493, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service print$, connectpath = /var/lib/samba/printers >[2012/08/30 15:27:55.103624, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/var/lib/samba/printers' for service [print$] >[2012/08/30 15:27:55.103758, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/08/30 15:27:55.104763, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2012/08/30 15:27:55.104888, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2012/08/30 15:27:55.105005, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2012/08/30 15:27:55.105123, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2012/08/30 15:27:55.105329, 5] smbd/connection.c:134(claim_connection) > claiming [print$] >[2012/08/30 15:27:55.105491, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:27:55.105626, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00dd00 >[2012/08/30 15:27:55.105770, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:27:55.106040, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service print$, connectpath = /var/lib/samba/printers >[2012/08/30 15:27:55.106164, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:55.106284, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:55.106401, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:55.112685, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.112834, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.113007, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.113136, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:55.113262, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:55.113471, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:55.114698, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:55.114877, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.114998, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.115116, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.115240, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:55.115548, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:55.115723, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:55.115914, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:55.117597, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:55.117789, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.117914, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:55.118032, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:55.118191, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:55.118309, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:55.118428, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:55.118549, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share print$ is ok for unix user administrator >[2012/08/30 15:27:55.118669, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share print$ is read-write for unix user administrator >[2012/08/30 15:27:55.118808, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/08/30 15:27:55.118934, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/08/30 15:27:55.119074, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.119349, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:55.123141, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:55.131756, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:55.131908, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.132107, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:55.132225, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:55.132409, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:55.132538, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service print$, connectpath = /var/lib/samba/printers >[2012/08/30 15:27:55.132705, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of sec available on share print$, directory /var/lib/samba/printers >[2012/08/30 15:27:55.132826, 1] smbd/service.c:1114(make_connection_snum) > panama (192.168.30.50) connect to service print$ initially as user administrator (uid=10000, gid=513) (pid 3054) >[2012/08/30 15:27:55.132976, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=PRINT$ >[2012/08/30 15:27:55.143612, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 88 >[2012/08/30 15:27:55.143821, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x58 >[2012/08/30 15:27:55.143941, 3] smbd/process.c:1662(process_smb) > Transaction 73 of length 92 (0 toread) >[2012/08/30 15:27:55.144060, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.144122, 5] lib/util.c:342(show_msg) > size=88 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1080 > smb_uid=100 > smb_mid=9728 > smt_wct=15 > smb_vwv[ 0]= 20 (0x14) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 20 (0x14) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 5 (0x5) > smb_bcc=23 >[2012/08/30 15:27:55.145778, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 EC 03 00 00 00 00 5C 00 78 00 36 00 34 ........ .\.x.6.4 > [0010] 00 5C 00 33 00 00 00 .\.3... >[2012/08/30 15:27:55.145987, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:55.146113, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.146257, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:55.148872, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:55.149286, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:55.149408, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/lib/samba/printers >[2012/08/30 15:27:55.149562, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1004 >[2012/08/30 15:27:55.149861, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3" >[2012/08/30 15:27:55.150020, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3] >[2012/08/30 15:27:55.150138, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64] >[2012/08/30 15:27:55.150256, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3, dirpath = , start = x64/3 >[2012/08/30 15:27:55.150383, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c00d2b0:size 5) X64/3 -> x64/3 >[2012/08/30 15:27:55.150501, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3 -> x64/3 >[2012/08/30 15:27:55.150641, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:55.150778, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:55.150899, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:55.151026, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3 hash 0xc724eb9f >[2012/08/30 15:27:55.151258, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:55.151428, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3 (fnum = -1) level=1004 call=5 total_data=0 >[2012/08/30 15:27:55.156731, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1004 max_data=40 >[2012/08/30 15:27:55.156904, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3 >[2012/08/30 15:27:55.157049, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning d >[2012/08/30 15:27:55.157169, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning d >[2012/08/30 15:27:55.157337, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:55.157456, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Tue Aug 21 16:18:45 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 10 >[2012/08/30 15:27:55.157813, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:55.157933, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:55.158050, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.158112, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1080 > smb_uid=100 > smb_mid=9728 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:55.159629, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 D2 15 EE 2E 28 7B CD 01 49 86 25 ........ .({..I.% > [0010] 2A DA 7F CD 01 D2 15 EE 2E 28 7B CD 01 D2 15 EE *....... .({..... > [0020] 2E 28 7B CD 01 10 00 00 00 00 00 00 00 .({..... ..... >[2012/08/30 15:27:55.163642, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 88 >[2012/08/30 15:27:55.163887, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x58 >[2012/08/30 15:27:55.164027, 3] smbd/process.c:1662(process_smb) > Transaction 74 of length 92 (0 toread) >[2012/08/30 15:27:55.164147, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.164208, 5] lib/util.c:342(show_msg) > size=88 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1080 > smb_uid=100 > smb_mid=9792 > smt_wct=15 > smb_vwv[ 0]= 20 (0x14) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 20 (0x14) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 5 (0x5) > smb_bcc=23 >[2012/08/30 15:27:55.165877, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 ED 03 00 00 00 00 5C 00 78 00 36 00 34 ........ .\.x.6.4 > [0010] 00 5C 00 33 00 00 00 .\.3... >[2012/08/30 15:27:55.166079, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:55.166201, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:55.166335, 3] smbd/trans2.c:5111(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QPATHINFO: level = 1005 >[2012/08/30 15:27:55.166467, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3" >[2012/08/30 15:27:55.166608, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:55.166734, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:55.166863, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:55.166985, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:55.167112, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3 hash 0xc724eb9f >[2012/08/30 15:27:55.167244, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:55.171642, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3 (fnum = -1) level=1005 call=5 total_data=0 >[2012/08/30 15:27:55.171838, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3 (fnum = -1) level=1005 max_data=24 >[2012/08/30 15:27:55.171978, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3 >[2012/08/30 15:27:55.172098, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning d >[2012/08/30 15:27:55.172217, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning d >[2012/08/30 15:27:55.172358, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:55.172479, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:55.172597, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:55.172717, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.172774, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1080 > smb_uid=100 > smb_mid=9792 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:55.174174, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 01 00 00 00 00 01 00 00 ........ ..... >[2012/08/30 15:27:55.177064, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 120 >[2012/08/30 15:27:55.177295, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2012/08/30 15:27:55.177421, 3] smbd/process.c:1662(process_smb) > Transaction 75 of length 124 (0 toread) >[2012/08/30 15:27:55.177542, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.177605, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=1080 > smb_uid=100 > smb_mid=9856 > smt_wct=15 > smb_vwv[ 0]= 52 (0x34) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 52 (0x34) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=55 >[2012/08/30 15:27:55.179449, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d > [0030] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:55.184688, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:55.184827, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:55.184981, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:55.185149, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/08/30 15:27:55.185272, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/PSCRIPT5.DLL] >[2012/08/30 15:27:55.185391, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:55.185533, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/pscript5.dll, dirpath = x64/3, start = pscript5.dll >[2012/08/30 15:27:55.185658, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c00d2c0:size 12) X64/3/PSCRIPT5.DLL -> x64/3/pscript5.dll >[2012/08/30 15:27:55.186312, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/pscript5.dll -> x64/3/pscript5.dll >[2012/08/30 15:27:55.186438, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:55.186588, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] >[2012/08/30 15:27:55.186706, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll >[2012/08/30 15:27:55.186825, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript5.dll >[2012/08/30 15:27:55.186971, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:55.187089, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:55.187213, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:55.187333, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:55.187501, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:55.187638, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript5.dll, attr = 22 >[2012/08/30 15:27:55.187788, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:55.187942, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c019f50 now at offset -1 >[2012/08/30 15:27:55.188143, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:55.188263, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:55.188392, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:55.188622, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:55.188743, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) >[2012/08/30 15:27:55.188911, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:55.189029, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:55.189176, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:55.189294, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:55.189429, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 >[2012/08/30 15:27:55.189565, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 >[2012/08/30 15:27:55.189682, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.189744, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=1080 > smb_uid=100 > smb_mid=9856 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 120 (0x78) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2012/08/30 15:27:55.191116, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. > [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. > [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... > [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ > [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l > [0080] 00 6C 00 00 00 .l... >[2012/08/30 15:27:55.199482, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:55.877369, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:55.877582, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:55.877693, 3] smbd/process.c:1662(process_smb) > Transaction 76 of length 132 (0 toread) >[2012/08/30 15:27:55.877813, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.877875, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9920 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4280 (0x10B8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17760 (0x4560) > smb_bcc=61 >[2012/08/30 15:27:55.879836, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 08 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 40 00 00 ........ .....@.. > [0030] 00 00 00 00 00 3F 50 BA BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:55.880192, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:55.880323, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:55.880446, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:55.882943, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:55.883409, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:55.883656, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2012/08/30 15:27:55.883797, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:55.883918, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:55.884035, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:55.884153, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:55.884271, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4560) >[2012/08/30 15:27:55.884392, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02c9d0 max_trans_reply: 4280 >[2012/08/30 15:27:55.884512, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:55.884631, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:55.884750, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:55.884868, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:55.884987, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:55.885104, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:55.885222, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:55.885343, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:55.885461, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:55.885579, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:55.885767, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:55.885959, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.887609, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:55.887732, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:55.887852, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:55.887975, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:55.888095, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:55.888217, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000040-0000-0000-3f50-babeee0b0000 >[2012/08/30 15:27:55.888632, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.888830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.889071, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 40 00 00 00 00 00 00 00 3F 50 BA BE ....@... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.889264, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:55.889382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:55.889853, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:55.889973, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:55.890106, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4280 >[2012/08/30 15:27:55.890225, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:55.890349, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000008 (8) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:55.891818, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:55.891945, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:55.892070, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:55.892190, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.892404, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9920 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:55.893733, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 08 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:55.894218, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:55.894354, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:55.894472, 3] smbd/process.c:1662(process_smb) > Transaction 77 of length 132 (0 toread) >[2012/08/30 15:27:55.894601, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.894663, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9985 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4136 (0x1028) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17759 (0x455F) > smb_bcc=61 >[2012/08/30 15:27:55.896404, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 39 00 00 ........ .....9.. > [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:55.896747, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:55.896868, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:55.896998, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:55.897120, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:55.897385, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:55.897514, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:55.897632, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455f) >[2012/08/30 15:27:55.897752, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 4136 >[2012/08/30 15:27:55.897872, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:55.898116, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:55.898238, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:55.898357, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:55.898630, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:55.898765, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:55.898916, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:55.899047, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:55.899165, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:55.899285, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:55.899405, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:55.900342, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.901852, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:55.901976, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:55.902099, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:55.902222, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:55.902342, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:55.902463, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000039-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:27:55.902894, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.903092, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.903331, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 39 00 00 00 00 00 00 00 3F 50 B9 BE ....9... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:55.903567, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:55.903699, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:55.904183, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:55.904308, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:55.904444, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4136 >[2012/08/30 15:27:55.904563, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:55.904689, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:55.906054, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:55.906180, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:55.906303, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:55.906423, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.906485, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=9985 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:55.907911, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:55.908571, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:55.908723, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:55.908842, 3] smbd/process.c:1662(process_smb) > Transaction 78 of length 45 (0 toread) >[2012/08/30 15:27:55.908961, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.909024, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10048 > smt_wct=3 > smb_vwv[ 0]=17760 (0x4560) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:55.910019, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:55.910087, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:55.910207, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:55.910328, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17760 (numopen=3) >[2012/08/30 15:27:55.910449, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:55.910591, 5] smbd/files.c:482(file_free) > freed files structure 17760 (2 used) >[2012/08/30 15:27:55.910713, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.910776, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10048 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:55.911798, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:55.913235, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:55.913406, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:55.913526, 3] smbd/process.c:1662(process_smb) > Transaction 79 of length 45 (0 toread) >[2012/08/30 15:27:55.913643, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.913704, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10112 > smt_wct=3 > smb_vwv[ 0]=17759 (0x455F) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:55.914657, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:55.914721, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:55.914840, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:55.914961, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17759 (numopen=2) >[2012/08/30 15:27:55.918820, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:55.919181, 5] smbd/files.c:482(file_free) > freed files structure 17759 (1 used) >[2012/08/30 15:27:55.919342, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:55.919433, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10112 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:55.920026, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:57.248860, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:57.249077, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:57.249198, 3] smbd/process.c:1662(process_smb) > Transaction 80 of length 106 (0 toread) >[2012/08/30 15:27:57.249330, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.249392, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10176 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:57.251742, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:57.251974, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.252096, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.252221, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:57.252344, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:57.252469, 5] smbd/files.c:140(file_new) > allocated file structure 13665, fnum = 17761 (2 used) >[2012/08/30 15:27:57.252593, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:57.252717, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:57.252842, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/08/30 15:27:57.252973, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:57.253095, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:57.254085, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:57.254232, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:57.254545, 3] smbd/process.c:1662(process_smb) > Transaction 81 of length 228 (0 toread) >[2012/08/30 15:27:57.254667, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.254741, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10240 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17761 (0x4561) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:57.256372, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . >[2012/08/30 15:27:57.257230, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.257359, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.257481, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 4561 name: spoolss len: 160 >[2012/08/30 15:27:57.257603, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:57.257724, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:57.257842, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:57.257965, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:57.258085, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:57.258202, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:57.258359, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:57.258488, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:57.258605, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:57.258723, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:57.258845, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:57.258973, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:57.262295, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:57.262425, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:57.262544, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:57.262698, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:57.262822, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:57.262993, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:57.264882, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:57.265012, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:57.266027, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:57.266314, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:57.266433, 3] smbd/process.c:1662(process_smb) > Transaction 82 of length 63 (0 toread) >[2012/08/30 15:27:57.266554, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.266616, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10304 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17761 (0x4561) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:57.268124, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:57.268190, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.268309, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.268430, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:57.268578, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:57.268701, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:57.268826, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. There is no more data outstanding >[2012/08/30 15:27:57.268944, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:57.269895, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:57.270037, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:57.270156, 3] smbd/process.c:1662(process_smb) > Transaction 83 of length 296 (0 toread) >[2012/08/30 15:27:57.270322, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.270384, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10368 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17761 (0x4561) > smb_bcc=225 >[2012/08/30 15:27:57.272565, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:57.273672, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.273792, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.273920, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:57.274048, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:57.274189, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:57.274307, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:57.274424, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4561) >[2012/08/30 15:27:57.274545, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:57.274664, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:57.274785, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:57.274902, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:57.275020, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:57.275143, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:57.275260, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:57.275373, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:57.275574, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:57.275692, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:57.275809, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:57.275928, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:57.276052, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:57.278510, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:57.278634, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:57.278753, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:57.278876, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:57.278999, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:57.279123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:57.281044, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:57.281177, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.281373, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:57.281560, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:57.281773, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:57 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:57.282062, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 2 printer handles active >[2012/08/30 15:27:57.282189, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.282389, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.282588, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:57.282735, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:57.286514, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:57.286728, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:57.286848, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:57.286969, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:57.287093, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:57.287235, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:57.287353, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:57.287470, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:57.287774, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:57.288978, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:57.289193, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:57.289322, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:57.289450, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:57.289569, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:57.289687, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:57.289822, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:57.290014, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:57.291878, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:57.292072, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:57.292197, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:57.292316, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:57.292444, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:57.292578, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:57.292699, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:57.292819, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:57.292940, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:57.293060, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:57.293187, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:57.293304, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:57.293427, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:57.293560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.294362, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:57.294485, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:57.294647, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:57.294783, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:57.294901, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.295017, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:57.295167, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:57.295306, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.295429, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.295659, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000050-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.296167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000050-0000-0000-3f50-bdbeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.297739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.297961, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:57.298090, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:57.298212, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.298330, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.298468, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.298601, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.298756, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:57.298893, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:57.299016, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:57.299138, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.299256, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.299376, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.299533, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.299684, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.299819, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:57.299941, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:57.300068, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.300185, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.300305, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.300422, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.300558, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.300714, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:57.300839, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:57.301862, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.301984, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.302103, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.302242, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.302389, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:57.302655, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:57.302776, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.302911, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.303030, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.303156, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.303293, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:57.303431, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:57.303585, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.303706, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.303825, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.303945, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.304082, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.304217, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:57.304336, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:57.304461, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.304578, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.304697, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.304815, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.304954, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.305092, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.305214, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:57.305332, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:57.305451, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:57.305573, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:57.305691, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:57.305810, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:57.305929, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 3F 50 BD BE ....Q... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.306144, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000051-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.306684, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:57.306822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000051-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.307243, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 3F 50 BD BE ....Q... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.307441, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 51 00 00 00 00 00 00 00 3F 50 BD BE ....Q... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.307875, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.307999, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:57.308118, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.308608, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000050-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.309072, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.309273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 50 00 00 00 00 00 00 00 3F 50 BD BE ....P... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.309471, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.309592, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:57.309712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.310223, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.310721, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:57.310848, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:57.311000, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:57.311132, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:57.311258, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:57.312680, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:57.312802, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:57.312930, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:57.313067, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:57.314229, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.314314, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10368 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:57.315857, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 4F 00 00 ........ .....O.. > [0020] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:57.319405, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 188 >[2012/08/30 15:27:57.319872, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xbc >[2012/08/30 15:27:57.320015, 3] smbd/process.c:1662(process_smb) > Transaction 84 of length 192 (0 toread) >[2012/08/30 15:27:57.320140, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.320201, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10432 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 104 (0x68) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 104 (0x68) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17761 (0x4561) > smb_bcc=121 >[2012/08/30 15:27:57.321923, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 68 00 00 00 03 00 00 ........ .h...... > [0020] 00 50 00 00 00 00 00 35 00 00 00 00 00 4F 00 00 .P.....5 .....O.. > [0030] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 00 00 02 .....?P. ........ > [0040] 00 0C 00 00 00 00 00 00 00 0C 00 00 00 57 00 69 ........ .....W.i > [0050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 78 00 36 .n.d.o.w .s. .x.6 > [0060] 00 34 00 00 00 06 00 00 00 00 00 00 00 00 00 00 .4...... ........ > [0070] 00 FF FF FF FF FF FF FF FF ........ . >[2012/08/30 15:27:57.322578, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.322701, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.322827, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=104 params=0 setup=2 >[2012/08/30 15:27:57.322948, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:57.323064, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:57.323182, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:57.323332, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4561) >[2012/08/30 15:27:57.323451, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:57.323619, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 104 >[2012/08/30 15:27:57.323742, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 104 >[2012/08/30 15:27:57.323859, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 104 >[2012/08/30 15:27:57.323979, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 104, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:57.324101, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:57.324220, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2012/08/30 15:27:57.324339, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 88 >[2012/08/30 15:27:57.324458, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:57.324575, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 88 >[2012/08/30 15:27:57.324691, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 88, incoming data = 88 >[2012/08/30 15:27:57.324822, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:57.324952, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0068 (104) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000050 (80) > context_id : 0x0000 (0) > opnum : 0x0035 (53) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=80 > [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 00 00 02 00 0C 00 00 00 00 00 00 00 ........ ........ > [0020] 0C 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 ....W.i. n.d.o.w. > [0030] 73 00 20 00 78 00 36 00 34 00 00 00 06 00 00 00 s. .x.6. 4....... > [0040] 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF ........ ........ >[2012/08/30 15:27:57.326917, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:57.327044, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:57.327187, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:57.327310, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 >[2012/08/30 15:27:57.327430, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[53].fn == 0x7fd50aecc260 >[2012/08/30 15:27:57.327612, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 > in: struct spoolss_GetPrinterDriver2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 > architecture : * > architecture : 'Windows x64' > level : 0x00000006 (6) > buffer : NULL > offered : 0x00000000 (0) > client_major_version : 0xffffffff (4294967295) > client_minor_version : 0xffffffff (4294967295) >[2012/08/30 15:27:57.328439, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) > _spoolss_GetPrinterDriver2 >[2012/08/30 15:27:57.328579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.328798, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.328992, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:57.329120, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:57.329260, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:57.329378, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:57.329502, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:57.329634, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.330438, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:57.330558, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:57.330678, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:57.330813, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:57.330938, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.331054, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:57.331197, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:57.331332, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.331472, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.331720, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000052-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.332218, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000052-0000-0000-3f50-bdbeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.333754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.333950, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:57.334086, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:57.334231, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.334347, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.334465, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.334583, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.334723, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:57.334856, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:57.334981, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:57.335119, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.335236, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.335353, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.335469, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.335631, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.335763, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:57.335881, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:57.336001, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.336120, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.336238, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.336355, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.336487, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.336622, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:57.336740, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:57.336861, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.336977, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.337095, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.337231, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.337379, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:57.337500, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:57.337621, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.337777, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.337897, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.338165, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.338308, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:57.338447, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:57.338589, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.338708, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.338829, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.338959, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.339225, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.339364, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:57.339557, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:57.339689, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.339807, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.339942, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.340059, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.340198, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.340334, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.340457, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:57.340597, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:57.340717, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:57.340836, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:57.340959, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:57.341081, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:57.341200, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.341397, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.341902, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:57.342679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.342885, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:57.343005, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.343144, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:57.343282, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:57.343403, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:57.343559, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:57.343692, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:57.343811, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:57.343931, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:57.344053, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:57.344172, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:57.344292, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:57.344411, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:57.344533, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:57.344655, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:57.344774, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:57.344896, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:57.345016, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:57.345135, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:57.345257, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:57.345376, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.345513, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:57.347050, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.348401, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.348597, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.348735, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.350197, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.352308, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.352513, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.352635, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:57.354226, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.355616, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.355815, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.355953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.357268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.358575, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.358770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.358908, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:57.362363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.363907, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.364166, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.364294, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.366321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.367674, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.367869, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.368014, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:57.370213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.371556, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.371772, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.371899, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.373227, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.374712, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.374913, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.375054, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:57.391557, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.392900, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.393097, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.393237, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.395308, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.396623, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.396822, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.396943, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.398446, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.399801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.400015, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.400137, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.402167, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.403553, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.403776, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.403898, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:57.406595, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.407938, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.408135, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.408277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.410379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.411877, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.412089, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.412211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.413441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.414831, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.415031, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.415153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.416422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.417749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.417950, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.418072, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.419326, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.420695, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.420896, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.421021, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.422545, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.423929, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.424151, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.424277, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.425674, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:57.426960, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.427159, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.427280, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:57.427400, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:57.427570, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:57.428244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.429043, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:57.429166, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:57.429286, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:57.429403, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:57.429537, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.429653, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:57.429795, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:57.429931, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.430052, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.430257, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000054-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.430783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000054-0000-0000-3f50-bdbeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.432388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.432593, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:57.432712, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:57.432832, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.432960, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.433085, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.433201, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.433355, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:57.433488, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:57.433606, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:57.433729, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.433846, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.433964, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.434080, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.434216, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.434513, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:57.434649, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:57.434770, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.434888, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.435008, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.435142, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.435277, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.435410, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:57.435581, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:57.435703, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.435823, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.435941, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.436058, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.436218, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:57.436339, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:57.436460, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.436581, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.436725, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.436842, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.436997, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:57.437117, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:57.437238, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.437367, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.437492, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.437609, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.437758, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.437900, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:57.438020, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:57.438159, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.438278, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.438447, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.438567, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.438705, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.438841, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.438965, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:57.439084, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:57.439205, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:57.439335, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:57.439459, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:57.439608, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:57.439732, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.439929, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000055-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.440429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000055-0000-0000-3f50-bdbeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:57.441646, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.441848, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.441967, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:57.442102, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:57.442238, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.442383, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:57.442520, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:57.442640, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:57.442760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:57.442882, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:57.443004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:57.443124, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:57.443276, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:57.443397, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:57.443627, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:57.443752, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:57.443874, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:57.444015, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:57.444137, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:57.444266, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:57.444406, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:57.444527, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:57.444649, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:57.444777, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.445464, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000055-0000-0000-3f50-bdbeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:57.446884, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.447083, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.447203, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:57.447345, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:57.463549, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000055-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.464004, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.464203, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 55 00 00 00 00 00 00 00 3F 50 BD BE ....U... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.464401, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.464528, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:57.464661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.465157, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000054-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.465573, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.465769, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 54 00 00 00 00 00 00 00 3F 50 BD BE ....T... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.466005, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.466126, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:57.466248, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.466748, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000053-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.467176, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.467370, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 53 00 00 00 00 00 00 00 3F 50 BD BE ....S... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.467715, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.467837, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:57.467958, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.468465, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000052-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.468895, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.469106, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 52 00 00 00 00 00 00 00 3F 50 BD BE ....R... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.469299, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.469417, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:57.469537, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.470163, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/08/30 15:27:57.470301, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.471072, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:57.471208, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:57.471329, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:57.471445, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:57.471611, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.471728, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:57.471872, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:57.472007, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.472128, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.472325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000056-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.472814, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000056-0000-0000-3f50-bdbeee0b0000 > keyname: struct winreg_String > name_len : 0x00b4 (180) > name_size : 0x00b4 (180) > name : * > name : 'SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.474502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.474727, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/30 15:27:57.474846, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:57.474967, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/30 15:27:57.475087, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/30 15:27:57.475205, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.475325, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] >[2012/08/30 15:27:57.475464, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2012/08/30 15:27:57.475626, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/30 15:27:57.475749, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:57.475870, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.476014, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.476137, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.476254, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.476391, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.476527, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/08/30 15:27:57.476646, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:57.476767, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.476901, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.477020, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.477139, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.477292, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.477425, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:57.477544, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:57.477668, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.477785, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.477926, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.478046, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.478184, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.478320, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Environments] >[2012/08/30 15:27:57.478458, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:57.478582, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.478708, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.478830, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.478946, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.479084, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.479224, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows x64] >[2012/08/30 15:27:57.479344, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:57.479466, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.480391, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.480511, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.480627, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.480779, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.480914, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Drivers] >[2012/08/30 15:27:57.481035, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:57.481161, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.481281, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.481401, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.481520, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.481656, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.481792, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Version-3] >[2012/08/30 15:27:57.481929, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:57.482052, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.482172, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.482311, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.482428, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.482718, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.482881, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:57.483001, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:57.483141, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.483276, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.483396, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.483564, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.483709, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.483830, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.483982, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.484104, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:57.484223, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:57.484353, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:57.484480, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:57.484599, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:57.484720, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:57.484839, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:57.484957, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:57.485077, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.485278, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.485789, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:57.486507, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.486766, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:57.486887, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.487024, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Version] len[4] >[2012/08/30 15:27:57.487149, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Driver] len[26] >[2012/08/30 15:27:57.487269, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Data File] len[24] >[2012/08/30 15:27:57.487389, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Configuration File] len[20] >[2012/08/30 15:27:57.487556, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Help File] len[24] >[2012/08/30 15:27:57.487686, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Dependent Files] len[188] >[2012/08/30 15:27:57.487829, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Monitor] len[0] >[2012/08/30 15:27:57.487950, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Datatype] len[8] >[2012/08/30 15:27:57.488070, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Previous Names] len[2] >[2012/08/30 15:27:57.488221, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[DriverDate] len[22] >[2012/08/30 15:27:57.488341, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[DriverVersion] len[16] >[2012/08/30 15:27:57.488461, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Manufacturer] len[0] >[2012/08/30 15:27:57.488580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[OEM URL] len[0] >[2012/08/30 15:27:57.488716, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[HardwareID] len[0] >[2012/08/30 15:27:57.488837, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Provider] len[0] >[2012/08/30 15:27:57.488998, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Print Processor] len[0] >[2012/08/30 15:27:57.489118, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[VendorSetup] len[0] >[2012/08/30 15:27:57.489289, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Color Profiles] len[2] >[2012/08/30 15:27:57.489428, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[18]: name[InfPath] len[0] >[2012/08/30 15:27:57.489548, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[19]: name[PrinterDriverAttributes] len[4] >[2012/08/30 15:27:57.489701, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[20]: name[CoreDependencies] len[2] >[2012/08/30 15:27:57.489822, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[21]: name[MinInboxDriverVerDate] len[22] >[2012/08/30 15:27:57.489942, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[22]: name[MinInboxDriverVerVersion] len[16] >[2012/08/30 15:27:57.490063, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.490211, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000017 (23) > max_valnamelen : * > max_valnamelen : 0x00000032 (50) > max_valbufsize : * > max_valbufsize : 0x000000bc (188) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:57.491803, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.493142, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.493352, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.493480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'Version' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x03 (3) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.495020, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.496391, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.496588, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.496712, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0034 (52) > name : * > name : 'Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x35 (53) > [15] : 0x00 (0) > [16] : 0x2e (46) > [17] : 0x00 (0) > [18] : 0x64 (100) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x6c (108) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:57.499456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.500815, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.501013, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.501136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0034 (52) > name : * > name : 'Data File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x2e (46) > [15] : 0x00 (0) > [16] : 0x70 (112) > [17] : 0x00 (0) > [18] : 0x70 (112) > [19] : 0x00 (0) > [20] : 0x64 (100) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2012/08/30 15:27:57.503702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.505023, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.505218, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.505342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0026 (38) > size : 0x0034 (52) > name : * > name : 'Configuration File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(20) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x35 (53) > [5] : 0x00 (0) > [6] : 0x75 (117) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x64 (100) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x6c (108) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > size : * > size : 0x00000014 (20) > length : * > length : 0x00000014 (20) > result : WERR_OK >[2012/08/30 15:27:57.507807, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.509150, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.509354, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.509480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0034 (52) > name : * > name : 'Help File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x2e (46) > [15] : 0x00 (0) > [16] : 0x68 (104) > [17] : 0x00 (0) > [18] : 0x6c (108) > [19] : 0x00 (0) > [20] : 0x70 (112) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2012/08/30 15:27:57.512132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.513473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.513678, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.513804, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0034 (52) > name : * > name : 'Dependent Files' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(188) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x35 (53) > [15] : 0x00 (0) > [16] : 0x2e (46) > [17] : 0x00 (0) > [18] : 0x64 (100) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x6c (108) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x48 (72) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x5f (95) > [31] : 0x00 (0) > [32] : 0x34 (52) > [33] : 0x00 (0) > [34] : 0x35 (53) > [35] : 0x00 (0) > [36] : 0x31 (49) > [37] : 0x00 (0) > [38] : 0x35 (53) > [39] : 0x00 (0) > [40] : 0x2e (46) > [41] : 0x00 (0) > [42] : 0x70 (112) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x64 (100) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x70 (112) > [51] : 0x00 (0) > [52] : 0x73 (115) > [53] : 0x00 (0) > [54] : 0x35 (53) > [55] : 0x00 (0) > [56] : 0x75 (117) > [57] : 0x00 (0) > [58] : 0x69 (105) > [59] : 0x00 (0) > [60] : 0x2e (46) > [61] : 0x00 (0) > [62] : 0x64 (100) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x6c (108) > [67] : 0x00 (0) > [68] : 0x00 (0) > [69] : 0x00 (0) > [70] : 0x70 (112) > [71] : 0x00 (0) > [72] : 0x73 (115) > [73] : 0x00 (0) > [74] : 0x63 (99) > [75] : 0x00 (0) > [76] : 0x72 (114) > [77] : 0x00 (0) > [78] : 0x69 (105) > [79] : 0x00 (0) > [80] : 0x70 (112) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x2e (46) > [85] : 0x00 (0) > [86] : 0x68 (104) > [87] : 0x00 (0) > [88] : 0x6c (108) > [89] : 0x00 (0) > [90] : 0x70 (112) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x70 (112) > [95] : 0x00 (0) > [96] : 0x73 (115) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x72 (114) > [101] : 0x00 (0) > [102] : 0x69 (105) > [103] : 0x00 (0) > [104] : 0x70 (112) > [105] : 0x00 (0) > [106] : 0x74 (116) > [107] : 0x00 (0) > [108] : 0x2e (46) > [109] : 0x00 (0) > [110] : 0x6e (110) > [111] : 0x00 (0) > [112] : 0x74 (116) > [113] : 0x00 (0) > [114] : 0x66 (102) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x63 (99) > [119] : 0x00 (0) > [120] : 0x75 (117) > [121] : 0x00 (0) > [122] : 0x70 (112) > [123] : 0x00 (0) > [124] : 0x73 (115) > [125] : 0x00 (0) > [126] : 0x36 (54) > [127] : 0x00 (0) > [128] : 0x2e (46) > [129] : 0x00 (0) > [130] : 0x69 (105) > [131] : 0x00 (0) > [132] : 0x6e (110) > [133] : 0x00 (0) > [134] : 0x69 (105) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x63 (99) > [139] : 0x00 (0) > [140] : 0x75 (117) > [141] : 0x00 (0) > [142] : 0x70 (112) > [143] : 0x00 (0) > [144] : 0x73 (115) > [145] : 0x00 (0) > [146] : 0x70 (112) > [147] : 0x00 (0) > [148] : 0x73 (115) > [149] : 0x00 (0) > [150] : 0x36 (54) > [151] : 0x00 (0) > [152] : 0x2e (46) > [153] : 0x00 (0) > [154] : 0x64 (100) > [155] : 0x00 (0) > [156] : 0x6c (108) > [157] : 0x00 (0) > [158] : 0x6c (108) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x63 (99) > [163] : 0x00 (0) > [164] : 0x75 (117) > [165] : 0x00 (0) > [166] : 0x70 (112) > [167] : 0x00 (0) > [168] : 0x73 (115) > [169] : 0x00 (0) > [170] : 0x75 (117) > [171] : 0x00 (0) > [172] : 0x69 (105) > [173] : 0x00 (0) > [174] : 0x36 (54) > [175] : 0x00 (0) > [176] : 0x2e (46) > [177] : 0x00 (0) > [178] : 0x64 (100) > [179] : 0x00 (0) > [180] : 0x6c (108) > [181] : 0x00 (0) > [182] : 0x6c (108) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > size : * > size : 0x000000bc (188) > length : * > length : 0x000000bc (188) > result : WERR_OK >[2012/08/30 15:27:57.526477, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.527826, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.528041, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.528189, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'Monitor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.529268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.530749, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.530945, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.531066, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0034 (52) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:57.532696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.534042, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.534249, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.534372, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0034 (52) > name : * > name : 'Previous Names' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.536387, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.537690, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.537885, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.538005, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0034 (52) > name : * > name : 'DriverDate' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(22) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x31 (49) > [3] : 0x00 (0) > [4] : 0x2f (47) > [5] : 0x00 (0) > [6] : 0x30 (48) > [7] : 0x00 (0) > [8] : 0x31 (49) > [9] : 0x00 (0) > [10] : 0x2f (47) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x30 (48) > [17] : 0x00 (0) > [18] : 0x31 (49) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > size : * > size : 0x00000016 (22) > length : * > length : 0x00000016 (22) > result : WERR_OK >[2012/08/30 15:27:57.540519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.541836, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.542051, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.542176, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001c (28) > size : 0x0034 (52) > name : * > name : 'DriverVersion' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x2e (46) > [3] : 0x00 (0) > [4] : 0x30 (48) > [5] : 0x00 (0) > [6] : 0x2e (46) > [7] : 0x00 (0) > [8] : 0x30 (48) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x30 (48) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.544455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.545771, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.545990, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.546115, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001a (26) > size : 0x0034 (52) > name : * > name : 'Manufacturer' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.547244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.548665, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.548870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.549015, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'OEM URL' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.550120, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.551620, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.551837, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.551960, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0034 (52) > name : * > name : 'HardwareID' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.553071, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.554521, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.554716, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.554837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0034 (52) > name : * > name : 'Provider' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.555942, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.557307, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.557514, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.557656, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0034 (52) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.558884, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.560260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.560478, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.560600, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0034 (52) > name : * > name : 'VendorSetup' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.561702, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.563214, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.563410, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.563564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0034 (52) > name : * > name : 'Color Profiles' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.564771, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000012 (18) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.566089, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.566446, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.566576, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'InfPath' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.567697, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000013 (19) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.569009, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.569220, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.569342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0030 (48) > size : 0x0034 (52) > name : * > name : 'PrinterDriverAttributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.570811, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000014 (20) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.572186, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.572384, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.572509, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0034 (52) > name : * > name : 'CoreDependencies' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.573717, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000015 (21) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.575076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.575294, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.575421, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x002c (44) > size : 0x0034 (52) > name : * > name : 'MinInboxDriverVerDate' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(22) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x31 (49) > [3] : 0x00 (0) > [4] : 0x2f (47) > [5] : 0x00 (0) > [6] : 0x30 (48) > [7] : 0x00 (0) > [8] : 0x31 (49) > [9] : 0x00 (0) > [10] : 0x2f (47) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x30 (48) > [17] : 0x00 (0) > [18] : 0x31 (49) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > size : * > size : 0x00000016 (22) > length : * > length : 0x00000016 (22) > result : WERR_OK >[2012/08/30 15:27:57.577963, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000016 (22) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.579467, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.579682, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.579807, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0032 (50) > size : 0x0034 (52) > name : * > name : 'MinInboxDriverVerVersion' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x2e (46) > [3] : 0x00 (0) > [4] : 0x30 (48) > [5] : 0x00 (0) > [6] : 0x2e (46) > [7] : 0x00 (0) > [8] : 0x30 (48) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x30 (48) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.581887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000057-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.582451, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.582647, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 57 00 00 00 00 00 00 00 3F 50 BD BE ....W... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.582840, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.582961, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:57.583079, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.583623, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000056-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.584033, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.584244, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 56 00 00 00 00 00 00 00 3F 50 BD BE ....V... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.584445, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.584562, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:57.584680, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.585158, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/08/30 15:27:57.585325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 > out: struct spoolss_GetPrinterDriver2 > info : NULL > needed : * > needed : 0x000003e0 (992) > server_major_version : * > server_major_version : 0x00000000 (0) > server_minor_version : * > server_minor_version : 0x00000000 (0) > result : WERR_INSUFFICIENT_BUFFER >[2012/08/30 15:27:57.585979, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:57.586106, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 88 >[2012/08/30 15:27:57.586236, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:57.586354, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 20. >[2012/08/30 15:27:57.586478, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 E0 03 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 7A 00 00 00 z... >[2012/08/30 15:27:57.587882, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2234 >[2012/08/30 15:27:57.588005, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:57.588150, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 44 bytes. There is no more data outstanding >[2012/08/30 15:27:57.588271, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..44] (align 0) >[2012/08/30 15:27:57.588389, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.588451, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10432 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 44 (0x2C) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:57.590034, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... > [0010] 00 14 00 00 00 00 00 00 00 00 00 00 00 E0 03 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 7A 00 00 00 ........ .z... >[2012/08/30 15:27:57.592827, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 1856 >[2012/08/30 15:27:57.593012, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x740 >[2012/08/30 15:27:57.593132, 3] smbd/process.c:1662(process_smb) > Transaction 85 of length 1860 (0 toread) >[2012/08/30 15:27:57.593329, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.593399, 5] lib/util.c:342(show_msg) > size=1856 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10496 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1772 (0x6EC) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1772 (0x6EC) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17761 (0x4561) > smb_bcc=1789 >[2012/08/30 15:27:57.595220, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 EC 06 00 00 04 00 00 ........ ........ > [0020] 00 D4 06 00 00 00 00 35 00 00 00 00 00 4F 00 00 .......5 .....O.. > [0030] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 00 00 02 .....?P. ........ > [0040] 00 0C 00 00 00 00 00 00 00 0C 00 00 00 57 00 69 ........ .....W.i > [0050] 00 6E 00 64 00 6F 00 77 00 73 00 20 00 78 00 36 .n.d.o.w .s. .x.6 > [0060] 00 34 00 00 00 06 00 00 00 04 00 02 00 80 06 00 .4...... ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:57.598454, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.598601, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.598730, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=1772 params=0 setup=2 >[2012/08/30 15:27:57.598851, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:57.598967, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:57.599102, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:57.599412, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4561) >[2012/08/30 15:27:57.599555, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:57.599684, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 1772 >[2012/08/30 15:27:57.599805, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1772 >[2012/08/30 15:27:57.599922, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1772 >[2012/08/30 15:27:57.600057, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 1772, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:57.600175, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:57.600291, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1756 >[2012/08/30 15:27:57.600407, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1756 >[2012/08/30 15:27:57.600526, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:57.600643, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1756 >[2012/08/30 15:27:57.600759, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1756, incoming data = 1756 >[2012/08/30 15:27:57.600877, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:57.601003, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x06ec (1772) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000006d4 (1748) > context_id : 0x0000 (0) > opnum : 0x0035 (53) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1748 > [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 00 00 02 00 0C 00 00 00 00 00 00 00 ........ ........ > [0020] 0C 00 00 00 57 00 69 00 6E 00 64 00 6F 00 77 00 ....W.i. n.d.o.w. > [0030] 73 00 20 00 78 00 36 00 34 00 00 00 06 00 00 00 s. .x.6. 4....... > [0040] 04 00 02 00 80 06 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0680] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0690] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [06C0] 00 00 00 00 00 00 00 00 80 06 00 00 FF FF FF FF ........ ........ > [06D0] FF FF FF FF .... >[2012/08/30 15:27:57.611408, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:57.611687, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:57.611812, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:57.611936, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x35 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDRIVER2 >[2012/08/30 15:27:57.612056, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[53].fn == 0x7fd50aecc260 >[2012/08/30 15:27:57.612200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 > in: struct spoolss_GetPrinterDriver2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 > architecture : * > architecture : 'Windows x64' > level : 0x00000006 (6) > buffer : * > buffer : DATA_BLOB length=1664 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0330] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0340] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0350] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0360] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0370] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0380] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0390] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [03F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0400] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0410] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0420] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0430] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0440] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0450] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0460] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0470] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0480] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0490] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [04F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0500] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0510] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0520] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0530] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0540] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0550] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0560] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0570] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0580] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0590] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [05F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0600] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0610] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0620] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0630] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0640] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0650] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0660] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0670] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > offered : 0x00000680 (1664) > client_major_version : 0xffffffff (4294967295) > client_minor_version : 0xffffffff (4294967295) >[2012/08/30 15:27:57.621213, 4] rpc_server/spoolss/srv_spoolss_nt.c:5603(_spoolss_GetPrinterDriver2) > _spoolss_GetPrinterDriver2 >[2012/08/30 15:27:57.621368, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.621569, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.621763, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:57.621895, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:57.622019, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:57.622138, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:57.622290, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:57.622426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.623178, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:57.623313, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:57.623434, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:57.623575, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:57.623697, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.623825, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:57.623971, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:57.624105, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.624227, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.624425, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000058-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.624914, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000058-0000-0000-3f50-bdbeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.626677, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.626890, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:57.627009, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:57.627130, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.627247, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.627366, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.627586, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.627726, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:57.627859, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:57.627978, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:57.628098, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.628220, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.628339, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.628455, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.628610, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.628742, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:57.628861, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:57.628981, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.629099, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.629217, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.629334, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.629466, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.629618, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:57.629737, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:57.629858, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.629974, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.630093, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.630241, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.630388, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:57.630509, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:57.630649, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.630768, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.630887, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.631023, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.631160, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:57.631279, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:57.631400, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.631564, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.631693, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.631810, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.631952, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.632089, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:57.632209, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:57.632331, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.632450, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.632587, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.632703, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.632842, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.632978, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.633099, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:57.633218, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:57.633336, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:57.633455, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:57.633575, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:57.633694, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:57.633813, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.634025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.634536, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:57.635261, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.635459, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:57.635633, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.635798, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:57.635920, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:57.636039, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:57.636159, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:57.636278, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:57.636398, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:57.636570, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:57.636714, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:57.636834, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:57.636953, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:57.637072, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:57.637191, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:57.637310, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:57.637430, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:57.637554, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:57.637674, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:57.637793, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:57.637912, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:57.638182, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.638319, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:57.639873, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.641169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.641365, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.641487, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.642832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.644165, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.644360, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.644480, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:57.646057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.647333, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.647557, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.647704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.649000, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.650454, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.650650, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.650770, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:57.654138, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.655428, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.655650, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.655772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.657820, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.659129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.659324, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.659445, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:57.662382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.663858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.664053, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.664190, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.665508, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.666843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.667041, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.667166, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:57.683265, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.684621, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.684818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.684943, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.687093, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.688433, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.688646, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.688768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.690184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.691513, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.691830, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.691956, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.694571, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.695933, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.696138, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.696265, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:57.707852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.709373, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.709589, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.709736, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.711996, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.713417, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.713623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.713752, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.715072, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.716507, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.716718, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.716843, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.718042, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.719733, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.719930, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.720069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.721291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.722772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.722967, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.723088, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.724435, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.725783, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.726019, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.726141, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.727684, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:57.728874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.729074, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.729193, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:57.729448, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:57.729587, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:57.730274, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.731054, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:57.731175, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:57.731295, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:57.731429, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:57.731583, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.731718, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:57.731861, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:57.731994, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.732116, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.732312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005a-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.732813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005a-0000-0000-3f50-bdbeee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.734482, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.734680, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:57.734799, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:57.734945, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.735062, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.735181, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.735297, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:57.735436, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:57.735606, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:57.735726, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:57.735846, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.735966, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.736084, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.736199, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.736333, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:57.736466, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:57.736586, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:57.736708, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.736826, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.736946, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.737063, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.737196, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:57.737328, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:57.737447, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:57.737570, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.737687, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.737805, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.737957, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:57.738118, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:57.738238, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:57.738359, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.738477, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.738596, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.738712, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:57.738857, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:57.738977, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:57.739116, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.739251, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.739364, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.740387, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.740527, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:57.740663, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:57.740807, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:57.740930, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.741049, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.741169, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.741285, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.741427, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.741563, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.741685, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:57.741822, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:57.741941, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:57.742060, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:57.742179, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:57.742299, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:57.742421, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.742648, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.743160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:57.744397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.744598, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.744718, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:57.744841, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:57.744962, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.745109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:57.745231, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:57.745351, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:57.745471, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:57.745590, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:57.745709, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:57.745828, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:57.745952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:57.746071, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:57.746190, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:57.746309, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:57.746575, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:57.746695, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:57.746813, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:57.746932, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:57.747078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:57.747198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:57.747317, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:57.747437, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.748151, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:57.749381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.749578, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:57.749697, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:57.749819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) > [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > [183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:57.765624, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005b-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.766061, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.766281, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5B 00 00 00 00 00 00 00 3F 50 BD BE ....[... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.766476, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.766600, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:57.766721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.767200, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005a-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.767641, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.767854, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5A 00 00 00 00 00 00 00 3F 50 BD BE ....Z... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.768050, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.768168, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:57.768296, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.768777, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000059-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.769188, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.769383, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 59 00 00 00 00 00 00 00 3F 50 BD BE ....Y... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.769577, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.769699, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:57.769820, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.770454, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000058-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.770883, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.771094, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 58 00 00 00 00 00 00 00 3F 50 BD BE ....X... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.771288, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.771405, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:57.771551, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.772042, 8] rpc_server/spoolss/srv_spoolss_nt.c:5510(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/08/30 15:27:57.772173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.772927, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:57.773050, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:57.773170, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:57.773286, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:57.773404, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.773537, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:57.773677, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:57.773809, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.773930, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.774168, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005c-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.774663, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005c-0000-0000-3f50-bdbeee0b0000 > keyname: struct winreg_String > name_len : 0x00b4 (180) > name_size : 0x00b4 (180) > name : * > name : 'SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:57.776347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.776551, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SYSTEM] >[2012/08/30 15:27:57.776671, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:57.776829, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM] >[2012/08/30 15:27:57.776948, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM] >[2012/08/30 15:27:57.777086, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.777204, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM] >[2012/08/30 15:27:57.777348, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM] >[2012/08/30 15:27:57.777482, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentControlSet] >[2012/08/30 15:27:57.777601, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:57.777725, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.777842, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.777985, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.778105, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.778241, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet] >[2012/08/30 15:27:57.778391, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Control] >[2012/08/30 15:27:57.778511, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:57.778632, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.778749, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.778867, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.778984, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.779140, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control] >[2012/08/30 15:27:57.779274, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:57.779393, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:57.779540, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.779668, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.779786, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.779903, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.780041, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print] >[2012/08/30 15:27:57.780209, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Environments] >[2012/08/30 15:27:57.780328, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:57.780449, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.780567, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.780693, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.780809, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.780944, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments] >[2012/08/30 15:27:57.781078, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows x64] >[2012/08/30 15:27:57.781200, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:57.781322, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.781441, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.781561, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.781679, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.781819, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64] >[2012/08/30 15:27:57.782120, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Drivers] >[2012/08/30 15:27:57.782240, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:57.782364, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.782482, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.782601, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.782718, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.782870, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers] >[2012/08/30 15:27:57.783006, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Version-3] >[2012/08/30 15:27:57.783126, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:57.783248, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.783370, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.783491, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.783689, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.783832, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3] >[2012/08/30 15:27:57.783970, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:57.784092, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:57.784224, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.784344, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.784470, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:57.784588, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.784725, 10] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) > regdb_fetch_keys: no subkeys found for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.784846, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.784983, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:57.785105, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:57.785225, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:57.785343, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:57.785485, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:57.785606, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:57.785725, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:57.785843, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:57.786001, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:57.786123, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.786321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > result : WERR_OK >[2012/08/30 15:27:57.786838, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:57.787594, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.787791, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:57.787919, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.788059, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Version] len[4] >[2012/08/30 15:27:57.788180, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Driver] len[26] >[2012/08/30 15:27:57.788299, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Data File] len[24] >[2012/08/30 15:27:57.788418, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Configuration File] len[20] >[2012/08/30 15:27:57.788540, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Help File] len[24] >[2012/08/30 15:27:57.788660, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Dependent Files] len[188] >[2012/08/30 15:27:57.788778, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Monitor] len[0] >[2012/08/30 15:27:57.788898, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Datatype] len[8] >[2012/08/30 15:27:57.789016, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Previous Names] len[2] >[2012/08/30 15:27:57.789136, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[DriverDate] len[22] >[2012/08/30 15:27:57.789256, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[DriverVersion] len[16] >[2012/08/30 15:27:57.789377, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Manufacturer] len[0] >[2012/08/30 15:27:57.789497, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[OEM URL] len[0] >[2012/08/30 15:27:57.789735, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[HardwareID] len[0] >[2012/08/30 15:27:57.789868, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Provider] len[0] >[2012/08/30 15:27:57.789988, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Print Processor] len[0] >[2012/08/30 15:27:57.790106, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[VendorSetup] len[0] >[2012/08/30 15:27:57.790225, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[Color Profiles] len[2] >[2012/08/30 15:27:57.790344, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[18]: name[InfPath] len[0] >[2012/08/30 15:27:57.790464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[19]: name[PrinterDriverAttributes] len[4] >[2012/08/30 15:27:57.790602, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[20]: name[CoreDependencies] len[2] >[2012/08/30 15:27:57.790722, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[21]: name[MinInboxDriverVerDate] len[22] >[2012/08/30 15:27:57.790841, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[22]: name[MinInboxDriverVerVersion] len[16] >[2012/08/30 15:27:57.790962, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.791102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000000 (0) > max_subkeylen : * > max_subkeylen : 0x00000000 (0) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000017 (23) > max_valnamelen : * > max_valnamelen : 0x00000032 (50) > max_valbufsize : * > max_valbufsize : 0x000000bc (188) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:57.792670, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.794124, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.794326, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.794453, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'Version' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x03 (3) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.795805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.797111, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.797307, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.797431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0034 (52) > name : * > name : 'Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x35 (53) > [15] : 0x00 (0) > [16] : 0x2e (46) > [17] : 0x00 (0) > [18] : 0x64 (100) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x6c (108) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:57.800101, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.801430, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.801626, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.801770, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0034 (52) > name : * > name : 'Data File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x2e (46) > [15] : 0x00 (0) > [16] : 0x70 (112) > [17] : 0x00 (0) > [18] : 0x70 (112) > [19] : 0x00 (0) > [20] : 0x64 (100) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2012/08/30 15:27:57.805086, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.806381, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.806723, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.806845, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0026 (38) > size : 0x0034 (52) > name : * > name : 'Configuration File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(20) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x35 (53) > [5] : 0x00 (0) > [6] : 0x75 (117) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x64 (100) > [13] : 0x00 (0) > [14] : 0x6c (108) > [15] : 0x00 (0) > [16] : 0x6c (108) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > size : * > size : 0x00000014 (20) > length : * > length : 0x00000014 (20) > result : WERR_OK >[2012/08/30 15:27:57.809192, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.810552, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.810759, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.810886, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0034 (52) > name : * > name : 'Help File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(24) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x2e (46) > [15] : 0x00 (0) > [16] : 0x68 (104) > [17] : 0x00 (0) > [18] : 0x6c (108) > [19] : 0x00 (0) > [20] : 0x70 (112) > [21] : 0x00 (0) > [22] : 0x00 (0) > [23] : 0x00 (0) > size : * > size : 0x00000018 (24) > length : * > length : 0x00000018 (24) > result : WERR_OK >[2012/08/30 15:27:57.813400, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.814722, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.814917, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.815038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0034 (52) > name : * > name : 'Dependent Files' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(188) > [0] : 0x70 (112) > [1] : 0x00 (0) > [2] : 0x73 (115) > [3] : 0x00 (0) > [4] : 0x63 (99) > [5] : 0x00 (0) > [6] : 0x72 (114) > [7] : 0x00 (0) > [8] : 0x69 (105) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x74 (116) > [13] : 0x00 (0) > [14] : 0x35 (53) > [15] : 0x00 (0) > [16] : 0x2e (46) > [17] : 0x00 (0) > [18] : 0x64 (100) > [19] : 0x00 (0) > [20] : 0x6c (108) > [21] : 0x00 (0) > [22] : 0x6c (108) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x48 (72) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x5f (95) > [31] : 0x00 (0) > [32] : 0x34 (52) > [33] : 0x00 (0) > [34] : 0x35 (53) > [35] : 0x00 (0) > [36] : 0x31 (49) > [37] : 0x00 (0) > [38] : 0x35 (53) > [39] : 0x00 (0) > [40] : 0x2e (46) > [41] : 0x00 (0) > [42] : 0x70 (112) > [43] : 0x00 (0) > [44] : 0x70 (112) > [45] : 0x00 (0) > [46] : 0x64 (100) > [47] : 0x00 (0) > [48] : 0x00 (0) > [49] : 0x00 (0) > [50] : 0x70 (112) > [51] : 0x00 (0) > [52] : 0x73 (115) > [53] : 0x00 (0) > [54] : 0x35 (53) > [55] : 0x00 (0) > [56] : 0x75 (117) > [57] : 0x00 (0) > [58] : 0x69 (105) > [59] : 0x00 (0) > [60] : 0x2e (46) > [61] : 0x00 (0) > [62] : 0x64 (100) > [63] : 0x00 (0) > [64] : 0x6c (108) > [65] : 0x00 (0) > [66] : 0x6c (108) > [67] : 0x00 (0) > [68] : 0x00 (0) > [69] : 0x00 (0) > [70] : 0x70 (112) > [71] : 0x00 (0) > [72] : 0x73 (115) > [73] : 0x00 (0) > [74] : 0x63 (99) > [75] : 0x00 (0) > [76] : 0x72 (114) > [77] : 0x00 (0) > [78] : 0x69 (105) > [79] : 0x00 (0) > [80] : 0x70 (112) > [81] : 0x00 (0) > [82] : 0x74 (116) > [83] : 0x00 (0) > [84] : 0x2e (46) > [85] : 0x00 (0) > [86] : 0x68 (104) > [87] : 0x00 (0) > [88] : 0x6c (108) > [89] : 0x00 (0) > [90] : 0x70 (112) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x70 (112) > [95] : 0x00 (0) > [96] : 0x73 (115) > [97] : 0x00 (0) > [98] : 0x63 (99) > [99] : 0x00 (0) > [100] : 0x72 (114) > [101] : 0x00 (0) > [102] : 0x69 (105) > [103] : 0x00 (0) > [104] : 0x70 (112) > [105] : 0x00 (0) > [106] : 0x74 (116) > [107] : 0x00 (0) > [108] : 0x2e (46) > [109] : 0x00 (0) > [110] : 0x6e (110) > [111] : 0x00 (0) > [112] : 0x74 (116) > [113] : 0x00 (0) > [114] : 0x66 (102) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x00 (0) > [118] : 0x63 (99) > [119] : 0x00 (0) > [120] : 0x75 (117) > [121] : 0x00 (0) > [122] : 0x70 (112) > [123] : 0x00 (0) > [124] : 0x73 (115) > [125] : 0x00 (0) > [126] : 0x36 (54) > [127] : 0x00 (0) > [128] : 0x2e (46) > [129] : 0x00 (0) > [130] : 0x69 (105) > [131] : 0x00 (0) > [132] : 0x6e (110) > [133] : 0x00 (0) > [134] : 0x69 (105) > [135] : 0x00 (0) > [136] : 0x00 (0) > [137] : 0x00 (0) > [138] : 0x63 (99) > [139] : 0x00 (0) > [140] : 0x75 (117) > [141] : 0x00 (0) > [142] : 0x70 (112) > [143] : 0x00 (0) > [144] : 0x73 (115) > [145] : 0x00 (0) > [146] : 0x70 (112) > [147] : 0x00 (0) > [148] : 0x73 (115) > [149] : 0x00 (0) > [150] : 0x36 (54) > [151] : 0x00 (0) > [152] : 0x2e (46) > [153] : 0x00 (0) > [154] : 0x64 (100) > [155] : 0x00 (0) > [156] : 0x6c (108) > [157] : 0x00 (0) > [158] : 0x6c (108) > [159] : 0x00 (0) > [160] : 0x00 (0) > [161] : 0x00 (0) > [162] : 0x63 (99) > [163] : 0x00 (0) > [164] : 0x75 (117) > [165] : 0x00 (0) > [166] : 0x70 (112) > [167] : 0x00 (0) > [168] : 0x73 (115) > [169] : 0x00 (0) > [170] : 0x75 (117) > [171] : 0x00 (0) > [172] : 0x69 (105) > [173] : 0x00 (0) > [174] : 0x36 (54) > [175] : 0x00 (0) > [176] : 0x2e (46) > [177] : 0x00 (0) > [178] : 0x64 (100) > [179] : 0x00 (0) > [180] : 0x6c (108) > [181] : 0x00 (0) > [182] : 0x6c (108) > [183] : 0x00 (0) > [184] : 0x00 (0) > [185] : 0x00 (0) > [186] : 0x00 (0) > [187] : 0x00 (0) > size : * > size : 0x000000bc (188) > length : * > length : 0x000000bc (188) > result : WERR_OK >[2012/08/30 15:27:57.827530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.828845, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.829043, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.829166, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'Monitor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.830366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.831727, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.831921, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.832060, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0034 (52) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:57.833575, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.834876, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.835070, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.835213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0034 (52) > name : * > name : 'Previous Names' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.836424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.837731, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.837928, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.838052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0034 (52) > name : * > name : 'DriverDate' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(22) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x31 (49) > [3] : 0x00 (0) > [4] : 0x2f (47) > [5] : 0x00 (0) > [6] : 0x30 (48) > [7] : 0x00 (0) > [8] : 0x31 (49) > [9] : 0x00 (0) > [10] : 0x2f (47) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x30 (48) > [17] : 0x00 (0) > [18] : 0x31 (49) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > size : * > size : 0x00000016 (22) > length : * > length : 0x00000016 (22) > result : WERR_OK >[2012/08/30 15:27:57.840470, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.841766, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.842109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.842232, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001c (28) > size : 0x0034 (52) > name : * > name : 'DriverVersion' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x2e (46) > [3] : 0x00 (0) > [4] : 0x30 (48) > [5] : 0x00 (0) > [6] : 0x2e (46) > [7] : 0x00 (0) > [8] : 0x30 (48) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x30 (48) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.844272, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.845551, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.845746, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.845867, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001a (26) > size : 0x0034 (52) > name : * > name : 'Manufacturer' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.846957, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.848267, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.848470, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.848608, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'OEM URL' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.849671, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.850973, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.851170, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.851291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0034 (52) > name : * > name : 'HardwareID' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.852373, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.853657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.854016, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.854139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0034 (52) > name : * > name : 'Provider' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.855233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.856571, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.856766, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.856893, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0034 (52) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.858027, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.859306, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.859553, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.859685, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0034 (52) > name : * > name : 'VendorSetup' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.860773, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.862095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.862297, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.862420, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0034 (52) > name : * > name : 'Color Profiles' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.864398, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000012 (18) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.865689, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.865884, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.866024, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0010 (16) > size : 0x0034 (52) > name : * > name : 'InfPath' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(0) > size : * > size : 0x00000000 (0) > length : * > length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.867260, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000013 (19) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.868580, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.868785, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.868913, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0030 (48) > size : 0x0034 (52) > name : * > name : 'PrinterDriverAttributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:57.870238, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000014 (20) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.871617, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.871815, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.871941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0034 (52) > name : * > name : 'CoreDependencies' > type : * > type : REG_MULTI_SZ (7) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:57.873162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000015 (21) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.874500, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.874698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.874823, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x002c (44) > size : 0x0034 (52) > name : * > name : 'MinInboxDriverVerDate' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(22) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x31 (49) > [3] : 0x00 (0) > [4] : 0x2f (47) > [5] : 0x00 (0) > [6] : 0x30 (48) > [7] : 0x00 (0) > [8] : 0x31 (49) > [9] : 0x00 (0) > [10] : 0x2f (47) > [11] : 0x00 (0) > [12] : 0x31 (49) > [13] : 0x00 (0) > [14] : 0x36 (54) > [15] : 0x00 (0) > [16] : 0x30 (48) > [17] : 0x00 (0) > [18] : 0x31 (49) > [19] : 0x00 (0) > [20] : 0x00 (0) > [21] : 0x00 (0) > size : * > size : 0x00000016 (22) > length : * > length : 0x00000016 (22) > result : WERR_OK >[2012/08/30 15:27:57.877301, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 > enum_index : 0x00000016 (22) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0034 (52) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000bc (188) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:57.878763, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.878958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\HP_4515] >[2012/08/30 15:27:57.879080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0032 (50) > size : 0x0034 (52) > name : * > name : 'MinInboxDriverVerVersion' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x30 (48) > [1] : 0x00 (0) > [2] : 0x2e (46) > [3] : 0x00 (0) > [4] : 0x30 (48) > [5] : 0x00 (0) > [6] : 0x2e (46) > [7] : 0x00 (0) > [8] : 0x30 (48) > [9] : 0x00 (0) > [10] : 0x2e (46) > [11] : 0x00 (0) > [12] : 0x30 (48) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:57.881160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005d-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.881576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.881771, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5D 00 00 00 00 00 00 00 3F 50 BD BE ....]... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.881964, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.882085, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:57.882205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.882722, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000005c-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.883133, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.883327, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 5C 00 00 00 00 00 00 00 3F 50 BD BE ....\... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.883559, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.883688, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:57.883813, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.884289, 8] rpc_server/spoolss/srv_spoolss_nt.c:5521(construct_printer_driver_info_level) > construct_printer_driver_info_level: status: WERR_OK >[2012/08/30 15:27:57.884461, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterDriver2: struct spoolss_GetPrinterDriver2 > out: struct spoolss_GetPrinterDriver2 > info : * > info : union spoolss_DriverInfo(case 6) > info6: struct spoolss_DriverInfo6 > version : SPOOLSS_DRIVER_VERSION_200X (3) > driver_name : * > driver_name : 'HP_4515' > architecture : * > architecture : 'Windows x64' > driver_path : * > driver_path : '\\orange\print$\x64\3\pscript5.dll' > data_file : * > data_file : '\\orange\print$\x64\3\HP_4515.ppd' > config_file : * > config_file : '\\orange\print$\x64\3\ps5ui.dll' > help_file : * > help_file : '\\orange\print$\x64\3\pscript.hlp' > dependent_files : * > dependent_files: ARRAY(8) > [0] : '\\orange\print$\x64\3\pscript5.dll' > [1] : '\\orange\print$\x64\3\HP_4515.ppd' > [2] : '\\orange\print$\x64\3\ps5ui.dll' > [3] : '\\orange\print$\x64\3\pscript.hlp' > [4] : '\\orange\print$\x64\3\pscript.ntf' > [5] : '\\orange\print$\x64\3\cups6.ini' > [6] : '\\orange\print$\x64\3\cupsps6.dll' > [7] : '\\orange\print$\x64\3\cupsui6.dll' > monitor_name : * > monitor_name : '' > default_datatype : * > default_datatype : 'RAW' > previous_names : NULL > driver_date : NTTIME(0) > driver_version : 0x0000000000000000 (0) > manufacturer_name : * > manufacturer_name : '' > manufacturer_url : * > manufacturer_url : '' > hardware_id : * > hardware_id : '' > provider : * > provider : '' > needed : * > needed : 0x000003e0 (992) > server_major_version : * > server_major_version : 0x00000000 (0) > server_minor_version : * > server_minor_version : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:57.887605, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:57.887737, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 1756 >[2012/08/30 15:27:57.887875, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:57.887995, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1688. >[2012/08/30 15:27:57.888120, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x06b0 (1712) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000698 (1688) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1688 > [0000] 08 00 02 00 80 06 00 00 03 00 00 00 70 06 00 00 ........ ....p... > [0010] 58 06 00 00 12 06 00 00 CE 05 00 00 8E 05 00 00 X....... ........ > [0020] 4A 05 00 00 2E 03 00 00 2C 03 00 00 24 03 00 00 J....... ,...$... > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 22 03 00 00 20 03 00 00 ........ "... ... > [0050] 1E 03 00 00 1C 03 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0260] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0270] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0280] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0290] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [02F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0300] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0310] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0320] 00 00 00 00 00 00 00 00 00 00 00 00 52 00 41 00 ........ ....R.A. > [0330] 57 00 00 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 W.....\. \.o.r.a. > [0340] 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 n.g.e.\. p.r.i.n. > [0350] 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 t.$.\.x. 6.4.\.3. > [0360] 5C 00 70 00 73 00 63 00 72 00 69 00 70 00 74 00 \.p.s.c. r.i.p.t. > [0370] 35 00 2E 00 64 00 6C 00 6C 00 00 00 5C 00 5C 00 5...d.l. l...\.\. > [0380] 6F 00 72 00 61 00 6E 00 67 00 65 00 5C 00 70 00 o.r.a.n. g.e.\.p. > [0390] 72 00 69 00 6E 00 74 00 24 00 5C 00 78 00 36 00 r.i.n.t. $.\.x.6. > [03A0] 34 00 5C 00 33 00 5C 00 48 00 50 00 5F 00 34 00 4.\.3.\. H.P._.4. > [03B0] 35 00 31 00 35 00 2E 00 70 00 70 00 64 00 00 00 5.1.5... p.p.d... > [03C0] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [03D0] 5C 00 70 00 72 00 69 00 6E 00 74 00 24 00 5C 00 \.p.r.i. n.t.$.\. > [03E0] 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 00 x.6.4.\. 3.\.p.s. > [03F0] 35 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 00 00 5.u.i... d.l.l... > [0400] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0410] 5C 00 70 00 72 00 69 00 6E 00 74 00 24 00 5C 00 \.p.r.i. n.t.$.\. > [0420] 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 00 x.6.4.\. 3.\.p.s. > [0430] 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C 00 c.r.i.p. t...h.l. > [0440] 70 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 p...\.\. o.r.a.n. > [0450] 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 74 00 g.e.\.p. r.i.n.t. > [0460] 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 $.\.x.6. 4.\.3.\. > [0470] 70 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 p.s.c.r. i.p.t... > [0480] 6E 00 74 00 66 00 00 00 5C 00 5C 00 6F 00 72 00 n.t.f... \.\.o.r. > [0490] 61 00 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 a.n.g.e. \.p.r.i. > [04A0] 6E 00 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 n.t.$.\. x.6.4.\. > [04B0] 33 00 5C 00 63 00 75 00 70 00 73 00 36 00 2E 00 3.\.c.u. p.s.6... > [04C0] 69 00 6E 00 69 00 00 00 5C 00 5C 00 6F 00 72 00 i.n.i... \.\.o.r. > [04D0] 61 00 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 a.n.g.e. \.p.r.i. > [04E0] 6E 00 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 n.t.$.\. x.6.4.\. > [04F0] 33 00 5C 00 63 00 75 00 70 00 73 00 70 00 73 00 3.\.c.u. p.s.p.s. > [0500] 36 00 2E 00 64 00 6C 00 6C 00 00 00 5C 00 5C 00 6...d.l. l...\.\. > [0510] 6F 00 72 00 61 00 6E 00 67 00 65 00 5C 00 70 00 o.r.a.n. g.e.\.p. > [0520] 72 00 69 00 6E 00 74 00 24 00 5C 00 78 00 36 00 r.i.n.t. $.\.x.6. > [0530] 34 00 5C 00 33 00 5C 00 63 00 75 00 70 00 73 00 4.\.3.\. c.u.p.s. > [0540] 75 00 69 00 36 00 2E 00 64 00 6C 00 6C 00 00 00 u.i.6... d.l.l... > [0550] 00 00 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 ..\.\.o. r.a.n.g. > [0560] 65 00 5C 00 70 00 72 00 69 00 6E 00 74 00 24 00 e.\.p.r. i.n.t.$. > [0570] 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 \.x.6.4. \.3.\.p. > [0580] 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 s.c.r.i. p.t...h. > [0590] 6C 00 70 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 l.p...\. \.o.r.a. > [05A0] 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 n.g.e.\. p.r.i.n. > [05B0] 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 t.$.\.x. 6.4.\.3. > [05C0] 5C 00 70 00 73 00 35 00 75 00 69 00 2E 00 64 00 \.p.s.5. u.i...d. > [05D0] 6C 00 6C 00 00 00 5C 00 5C 00 6F 00 72 00 61 00 l.l...\. \.o.r.a. > [05E0] 6E 00 67 00 65 00 5C 00 70 00 72 00 69 00 6E 00 n.g.e.\. p.r.i.n. > [05F0] 74 00 24 00 5C 00 78 00 36 00 34 00 5C 00 33 00 t.$.\.x. 6.4.\.3. > [0600] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0610] 2E 00 70 00 70 00 64 00 00 00 5C 00 5C 00 6F 00 ..p.p.d. ..\.\.o. > [0620] 72 00 61 00 6E 00 67 00 65 00 5C 00 70 00 72 00 r.a.n.g. e.\.p.r. > [0630] 69 00 6E 00 74 00 24 00 5C 00 78 00 36 00 34 00 i.n.t.$. \.x.6.4. > [0640] 5C 00 33 00 5C 00 70 00 73 00 63 00 72 00 69 00 \.3.\.p. s.c.r.i. > [0650] 70 00 74 00 35 00 2E 00 64 00 6C 00 6C 00 00 00 p.t.5... d.l.l... > [0660] 57 00 69 00 6E 00 64 00 6F 00 77 00 73 00 20 00 W.i.n.d. o.w.s. . > [0670] 78 00 36 00 34 00 00 00 48 00 50 00 5F 00 34 00 x.6.4... H.P._.4. > [0680] 35 00 31 00 35 00 00 00 E0 03 00 00 00 00 00 00 5.1.5... ........ > [0690] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:57.897635, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:57.897765, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:57.897884, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:57.898012, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:57.898132, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.898193, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10496 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:57.899554, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 B0 06 00 00 04 00 00 ........ ........ > [0010] 00 98 06 00 00 00 00 00 00 08 00 02 00 80 06 00 ........ ........ > [0020] 00 03 00 00 00 70 06 00 00 58 06 00 00 12 06 00 .....p.. .X...... > [0030] 00 CE 05 00 00 8E 05 00 00 4A 05 00 00 2E 03 00 ........ .J...... > [0040] 00 2C 03 00 00 24 03 00 00 00 00 00 00 00 00 00 .,...$.. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 22 03 00 00 20 03 00 00 1E 03 00 00 1C 03 00 ."... .. ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:57.903364, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:57.903562, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:57.903692, 3] smbd/process.c:1662(process_smb) > Transaction 86 of length 63 (0 toread) >[2012/08/30 15:27:57.903810, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.903872, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10560 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17761 (0x4561) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 688 (0x2B0) > smb_vwv[ 6]= 688 (0x2B0) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 688 (0x2B0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:57.905351, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:57.905416, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.905535, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.905657, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 688 >[2012/08/30 15:27:57.905782, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 1712, current_pdu_sent = 1024 returning 688 bytes. >[2012/08/30 15:27:57.905939, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2234 >[2012/08/30 15:27:57.906064, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:57.906196, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 688 bytes. There is more data outstanding >[2012/08/30 15:27:57.906316, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=688 max=688 nread=688 >[2012/08/30 15:27:57.912535, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:57.912736, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:57.912857, 3] smbd/process.c:1662(process_smb) > Transaction 87 of length 132 (0 toread) >[2012/08/30 15:27:57.912976, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.913038, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10624 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1712 (0x6B0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17761 (0x4561) > smb_bcc=61 >[2012/08/30 15:27:57.914902, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 4F 00 00 ........ .....O.. > [0030] 00 00 00 00 00 3F 50 BD BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:27:57.915246, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.915367, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.915494, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:57.915640, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:57.915776, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:57.915897, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:57.916018, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4561) >[2012/08/30 15:27:57.916138, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1712 >[2012/08/30 15:27:57.916258, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:57.916376, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:57.916496, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:57.916614, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:57.916733, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:57.916851, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:57.916986, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:57.917105, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:57.917223, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:57.917340, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:57.917459, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:57.917583, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.920507, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:57.920636, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:57.920757, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:57.921029, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:57.921151, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:57.921302, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000004f-0000-0000-3f50-bdbeee0b0000 >[2012/08/30 15:27:57.921723, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.921922, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.922117, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 4F 00 00 00 00 00 00 00 3F 50 BD BE ....O... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:57.922382, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:57.922530, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:57.923012, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:57.923143, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:57.923280, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1712 >[2012/08/30 15:27:57.923400, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:57.923581, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:57.925061, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:57.925201, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:57.925325, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:57.925444, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.925506, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=10624 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:57.927003, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:27:57.937201, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:57.937426, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:57.937547, 3] smbd/process.c:1662(process_smb) > Transaction 88 of length 45 (0 toread) >[2012/08/30 15:27:57.937664, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.937726, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10688 > smt_wct=3 > smb_vwv[ 0]=17761 (0x4561) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:57.938856, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:57.938922, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:57.939041, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.939160, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17761 (numopen=2) >[2012/08/30 15:27:57.939295, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:57.939435, 5] smbd/files.c:482(file_free) > freed files structure 17761 (1 used) >[2012/08/30 15:27:57.939711, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.939774, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=10688 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:57.940543, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:57.948258, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 120 >[2012/08/30 15:27:57.948458, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2012/08/30 15:27:57.948579, 3] smbd/process.c:1662(process_smb) > Transaction 89 of length 124 (0 toread) >[2012/08/30 15:27:57.948733, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.948805, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=10752 > smt_wct=15 > smb_vwv[ 0]= 52 (0x34) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 52 (0x34) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=55 >[2012/08/30 15:27:57.951810, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d > [0030] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:57.952161, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:57.952288, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:57.952408, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:57.954933, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:57.955367, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:57.955489, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/lib/samba/printers >[2012/08/30 15:27:57.955623, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:57.955750, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/08/30 15:27:57.955873, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] >[2012/08/30 15:27:57.955998, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:57.956125, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] >[2012/08/30 15:27:57.956243, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll >[2012/08/30 15:27:57.956364, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript5.dll >[2012/08/30 15:27:57.956482, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:57.956606, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:57.956733, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:57.956850, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:57.956979, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:57.957488, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript5.dll, attr = 22 >[2012/08/30 15:27:57.957620, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:57.957751, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c02d410 now at offset -1 >[2012/08/30 15:27:57.957872, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:57.957991, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:57.958109, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:57.958299, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:57.958418, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) >[2012/08/30 15:27:57.958615, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:57.958737, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:57.958863, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:57.958983, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:57.959112, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 >[2012/08/30 15:27:57.959236, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 >[2012/08/30 15:27:57.959355, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.959417, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=10752 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 120 (0x78) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2012/08/30 15:27:57.960814, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. > [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. > [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... > [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ > [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l > [0080] 00 6C 00 00 00 .l... >[2012/08/30 15:27:57.961952, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:57.965524, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 120 >[2012/08/30 15:27:57.965710, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2012/08/30 15:27:57.965829, 3] smbd/process.c:1662(process_smb) > Transaction 90 of length 124 (0 toread) >[2012/08/30 15:27:57.965956, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.966018, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=10816 > smt_wct=15 > smb_vwv[ 0]= 52 (0x34) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 52 (0x34) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=55 >[2012/08/30 15:27:57.967845, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d > [0030] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:57.968180, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:57.968300, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.968424, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:57.968584, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/08/30 15:27:57.968707, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] >[2012/08/30 15:27:57.968836, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:57.968966, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] >[2012/08/30 15:27:57.969238, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll >[2012/08/30 15:27:57.969359, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript5.dll >[2012/08/30 15:27:57.969477, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:57.969631, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:57.969755, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:57.969872, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:57.970003, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:57.970120, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript5.dll, attr = 22 >[2012/08/30 15:27:57.970246, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:57.970374, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c012c20 now at offset -1 >[2012/08/30 15:27:57.970493, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:57.970676, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:57.970794, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:57.970926, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:57.971064, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) >[2012/08/30 15:27:57.971187, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:57.971329, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:57.971470, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:57.971693, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:57.971820, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 >[2012/08/30 15:27:57.971939, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 >[2012/08/30 15:27:57.972073, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.972134, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=10816 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 120 (0x78) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2012/08/30 15:27:57.973485, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. > [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. > [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... > [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ > [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l > [0080] 00 6C 00 00 00 .l... >[2012/08/30 15:27:57.974464, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:57.976703, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 120 >[2012/08/30 15:27:57.976871, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x78 >[2012/08/30 15:27:57.976990, 3] smbd/process.c:1662(process_smb) > Transaction 91 of length 124 (0 toread) >[2012/08/30 15:27:57.977108, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.977170, 5] lib/util.c:342(show_msg) > size=120 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=10880 > smt_wct=15 > smb_vwv[ 0]= 52 (0x34) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 52 (0x34) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=55 >[2012/08/30 15:27:57.979062, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 .c.r.i.p .t.5...d > [0030] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:57.979403, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:57.979562, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.979697, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:57.979824, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/08/30 15:27:57.979974, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] >[2012/08/30 15:27:57.980100, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:57.980229, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] >[2012/08/30 15:27:57.980346, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll >[2012/08/30 15:27:57.980465, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript5.dll >[2012/08/30 15:27:57.980584, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:57.980700, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:57.980842, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:57.980959, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:57.981087, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:57.981280, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript5.dll, attr = 22 >[2012/08/30 15:27:57.981407, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:57.981538, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 >[2012/08/30 15:27:57.981659, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:57.981779, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:57.981899, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:57.982052, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:57.982179, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript5.dll] found x64/3/pscript5.dll fname=pscript5.dll (pscript5.dll) >[2012/08/30 15:27:57.982306, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:57.982442, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:57.982563, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:57.982680, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:57.982806, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 120, useable_space = 131010 >[2012/08/30 15:27:57.982924, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 120, paramsize = 10, datasize = 120 >[2012/08/30 15:27:57.983042, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.983104, 5] lib/util.c:342(show_msg) > size=188 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=10880 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 120 (0x78) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 120 (0x78) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=133 >[2012/08/30 15:27:57.984492, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 78 00 00 ........ .....x.. > [0010] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. > [0020] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... > [0030] 2E 28 7B CD 01 00 48 08 00 00 00 00 00 00 00 10 .({...H. ........ > [0040] 00 00 00 00 00 20 00 00 00 18 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 35 00 2E 00 64 00 6C .r.i.p.t .5...d.l > [0080] 00 6C 00 00 00 .l... >[2012/08/30 15:27:57.985380, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript5.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:57.987395, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 124 >[2012/08/30 15:27:57.987638, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7c >[2012/08/30 15:27:57.987758, 3] smbd/process.c:1662(process_smb) > Transaction 92 of length 128 (0 toread) >[2012/08/30 15:27:57.987876, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.987937, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=10944 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9728 (0x2600) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=41 >[2012/08/30 15:27:57.990751, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 35 00 2E .s.c.r.i .p.t.5.. > [0020] 00 64 00 6C 00 6C 00 00 00 .d.l.l.. . >[2012/08/30 15:27:57.991023, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:57.991146, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:57.991334, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/pscript5.dll >[2012/08/30 15:27:57.991487, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/08/30 15:27:57.991617, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] >[2012/08/30 15:27:57.991743, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:57.991875, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] >[2012/08/30 15:27:57.991995, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll >[2012/08/30 15:27:57.992116, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll >[2012/08/30 15:27:57.992310, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll >[2012/08/30 15:27:57.992478, 5] smbd/files.c:140(file_new) > allocated file structure 13666, fnum = 17762 (2 used) >[2012/08/30 15:27:57.992601, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript5.dll hash 0xdec2eda5 >[2012/08/30 15:27:57.992754, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript5.dll) returning 0744 >[2012/08/30 15:27:57.992930, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript5.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:57.993080, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:57.993199, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:57.994317, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:57.994446, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript5.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:57.994623, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:57.994810, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d7a0 >[2012/08/30 15:27:57.994933, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba5:0 >[2012/08/30 15:27:57.995077, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:57.995208, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:57.995329, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d9e0 >[2012/08/30 15:27:57.995472, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript5.dll >[2012/08/30 15:27:57.995623, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:57.995755, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript5.dll, flags = 00 mode = 0744, fd = 36. >[2012/08/30 15:27:57.995874, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) >[2012/08/30 15:27:57.996028, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153908 >[2012/08/30 15:27:57.996237, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript5.dll, 801:23ba5:0/1302153908, tv_sec = 503fbebd, tv_usec = f24dc >[2012/08/30 15:27:57.996405, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:57.996565, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:57.996696, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:57.996823, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:57.996942, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:57.997061, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:57.997183, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:57.997304, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:57.997428, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:57.997563, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:57.997699, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript5.dll >[2012/08/30 15:27:57.997982, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17762, open name = x64/3/pscript5.dll >[2012/08/30 15:27:57.998667, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:57.998829, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:57.998949, 3] smbd/process.c:1662(process_smb) > Transaction 93 of length 76 (0 toread) >[2012/08/30 15:27:57.999066, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:57.999127, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11008 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.000809, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 62 45 EE 03 ...bE.. >[2012/08/30 15:27:58.000940, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.001077, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.001201, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:58.001331, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.001467, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.001587, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.001706, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17762) level=1006 call=7 total_data=0 >[2012/08/30 15:27:58.001825, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17762) level=1006 max_data=8 >[2012/08/30 15:27:58.001982, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.002101, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.002222, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.002348, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:58.002468, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:58.002588, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:58.002705, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.002766, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11008 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:58.004148, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 A5 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:58.005756, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.005960, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.006081, 3] smbd/process.c:1662(process_smb) > Transaction 94 of length 63 (0 toread) >[2012/08/30 15:27:58.006204, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.006266, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11072 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17762 (0x4562) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.007922, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.007991, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.008111, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.008250, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.008379, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17762 file x64/3/pscript5.dll >[2012/08/30 15:27:58.008666, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 0, size = 4096, returned 4096 >[2012/08/30 15:27:58.008790, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17762 max=4096 nread=4096 >[2012/08/30 15:27:58.016036, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.016234, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.016354, 3] smbd/process.c:1662(process_smb) > Transaction 95 of length 45 (0 toread) >[2012/08/30 15:27:58.016542, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.016605, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11136 > smt_wct=3 > smb_vwv[ 0]=17762 (0x4562) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.017578, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.017643, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.017773, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.017893, 3] smbd/reply.c:4848(reply_close) > close fd=36 fnum=17762 (numopen=1) >[2012/08/30 15:27:58.018011, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.018222, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153908 has kernel oplock state of 1. >[2012/08/30 15:27:58.018364, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:58.018510, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04ae20 >[2012/08/30 15:27:58.018627, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.018764, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x2ac0, type= 0x3, gen_id = 1302153908, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.019022, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.019154, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:58.019328, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript5.dll = 0 >[2012/08/30 15:27:58.019448, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript5.dll >[2012/08/30 15:27:58.019751, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript5.dll (numopen=0) NT_STATUS_OK >[2012/08/30 15:27:58.019872, 5] smbd/files.c:482(file_free) > freed files structure 17762 (1 used) >[2012/08/30 15:27:58.019992, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.020054, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11136 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.020831, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.021832, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 124 >[2012/08/30 15:27:58.021979, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7c >[2012/08/30 15:27:58.022097, 3] smbd/process.c:1662(process_smb) > Transaction 96 of length 128 (0 toread) >[2012/08/30 15:27:58.022215, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.022276, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11200 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9728 (0x2600) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=41 >[2012/08/30 15:27:58.025538, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 35 00 2E .s.c.r.i .p.t.5.. > [0020] 00 64 00 6C 00 6C 00 00 00 .d.l.l.. . >[2012/08/30 15:27:58.025816, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.025937, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.026062, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/pscript5.dll >[2012/08/30 15:27:58.026190, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/08/30 15:27:58.026313, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] >[2012/08/30 15:27:58.026475, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:58.026621, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] >[2012/08/30 15:27:58.026743, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll >[2012/08/30 15:27:58.026863, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll >[2012/08/30 15:27:58.026998, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll >[2012/08/30 15:27:58.027124, 5] smbd/files.c:140(file_new) > allocated file structure 13667, fnum = 17763 (2 used) >[2012/08/30 15:27:58.027246, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript5.dll hash 0xdec2eda5 >[2012/08/30 15:27:58.027360, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript5.dll) returning 0744 >[2012/08/30 15:27:58.027631, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript5.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.027760, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.027879, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.027997, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.028116, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript5.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.028245, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:58.028374, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d7a0 >[2012/08/30 15:27:58.028492, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba5:0 >[2012/08/30 15:27:58.028612, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:58.028765, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:58.028887, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d9e0 >[2012/08/30 15:27:58.029006, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript5.dll >[2012/08/30 15:27:58.029127, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.029254, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript5.dll, flags = 00 mode = 0744, fd = 36. >[2012/08/30 15:27:58.029373, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) >[2012/08/30 15:27:58.029508, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153909 >[2012/08/30 15:27:58.029635, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript5.dll, 801:23ba5:0/1302153909, tv_sec = 503fbebe, tv_usec = 69f2 >[2012/08/30 15:27:58.029759, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.029913, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2bc0, type= 0x3, gen_id = 1302153909, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.030036, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:58.030162, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.030280, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.030407, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.030532, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.030652, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.030775, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.030910, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2bc0, type= 0x3, gen_id = 1302153909, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.031036, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript5.dll >[2012/08/30 15:27:58.031171, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17763, open name = x64/3/pscript5.dll >[2012/08/30 15:27:58.032936, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.033093, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.033238, 3] smbd/process.c:1662(process_smb) > Transaction 97 of length 45 (0 toread) >[2012/08/30 15:27:58.033364, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.033426, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11264 > smt_wct=3 > smb_vwv[ 0]=17763 (0x4563) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.034545, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.034619, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.034739, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.034859, 3] smbd/reply.c:4848(reply_close) > close fd=36 fnum=17763 (numopen=1) >[2012/08/30 15:27:58.034977, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.035112, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153909 has kernel oplock state of 1. >[2012/08/30 15:27:58.035279, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:58.035404, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04ae20 >[2012/08/30 15:27:58.035558, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.035704, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x2bc0, type= 0x3, gen_id = 1302153909, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.035825, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.035946, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:58.036076, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript5.dll = 0 >[2012/08/30 15:27:58.036195, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript5.dll >[2012/08/30 15:27:58.036319, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript5.dll (numopen=0) NT_STATUS_OK >[2012/08/30 15:27:58.036438, 5] smbd/files.c:482(file_free) > freed files structure 17763 (1 used) >[2012/08/30 15:27:58.036558, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.036620, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11264 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.037436, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.038475, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 124 >[2012/08/30 15:27:58.038652, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7c >[2012/08/30 15:27:58.038778, 3] smbd/process.c:1662(process_smb) > Transaction 98 of length 128 (0 toread) >[2012/08/30 15:27:58.038897, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.038958, 5] lib/util.c:342(show_msg) > size=124 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11328 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9728 (0x2600) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=41 >[2012/08/30 15:27:58.042514, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 35 00 2E .s.c.r.i .p.t.5.. > [0020] 00 64 00 6C 00 6C 00 00 00 .d.l.l.. . >[2012/08/30 15:27:58.042800, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.042920, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.043044, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/pscript5.dll >[2012/08/30 15:27:58.043187, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript5.dll" >[2012/08/30 15:27:58.043310, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT5.DLL] -> [x64/3/pscript5.dll] >[2012/08/30 15:27:58.043435, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript5.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:58.043635, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript5.dll] -> [/var/lib/samba/printers/x64/3/pscript5.dll] >[2012/08/30 15:27:58.043753, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript5.dll reduced to /var/lib/samba/printers/x64/3/pscript5.dll >[2012/08/30 15:27:58.043873, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll >[2012/08/30 15:27:58.043997, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript5.dll >[2012/08/30 15:27:58.044123, 5] smbd/files.c:140(file_new) > allocated file structure 13668, fnum = 17764 (2 used) >[2012/08/30 15:27:58.044265, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript5.dll hash 0xdec2eda5 >[2012/08/30 15:27:58.044385, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript5.dll) returning 0744 >[2012/08/30 15:27:58.044506, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript5.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.044636, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.044755, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.044874, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.045011, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript5.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.045136, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:58.045264, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d7a0 >[2012/08/30 15:27:58.045383, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba5:0 >[2012/08/30 15:27:58.045503, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:58.045634, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:27:58.045758, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d9e0 >[2012/08/30 15:27:58.045877, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript5.dll >[2012/08/30 15:27:58.045995, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.046123, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript5.dll, flags = 00 mode = 0744, fd = 36. >[2012/08/30 15:27:58.046396, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript5.dll read=Yes write=No (numopen=1) >[2012/08/30 15:27:58.046519, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153910 >[2012/08/30 15:27:58.046643, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript5.dll, 801:23ba5:0/1302153910, tv_sec = 503fbebe, tv_usec = ac5a >[2012/08/30 15:27:58.046767, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.046902, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.047026, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:27:58.047155, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.047273, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.047394, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.047565, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.047694, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.047817, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.047952, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.048081, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript5.dll >[2012/08/30 15:27:58.048216, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17764, open name = x64/3/pscript5.dll >[2012/08/30 15:27:58.049300, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:58.049454, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:58.049578, 3] smbd/process.c:1662(process_smb) > Transaction 99 of length 90 (0 toread) >[2012/08/30 15:27:58.049696, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.049758, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11392 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17764 (0x4564) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:58.051950, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:58.052079, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.052199, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.052345, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:58.052467, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:58.052602, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 64 45 01 00 ....dE.. >[2012/08/30 15:27:58.052772, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x4564] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:58.052892, 2] smbd/nttrans.c:2440(smb_fsctl) > smb_fsctl (0x1401c4): Currently not implemented. >[2012/08/30 15:27:58.053011, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:58.053145, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.053207, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11392 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.053993, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.054200, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:58.054333, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:58.054451, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:58.054759, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:58.054910, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.055032, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.055149, 3] smbd/process.c:1662(process_smb) > Transaction 100 of length 76 (0 toread) >[2012/08/30 15:27:58.055267, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.055328, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11456 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.057626, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 64 45 ED 03 ...dE.. >[2012/08/30 15:27:58.057756, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.057896, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:58.058016, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:58.060739, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:58.061162, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:58.061286, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:58.061420, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.061557, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.061694, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.061813, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) level=1005 call=7 total_data=0 >[2012/08/30 15:27:58.061933, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1005 max_data=24 >[2012/08/30 15:27:58.062052, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.062201, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.062326, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.062451, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:58.062570, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:58.062690, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:58.062807, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.062869, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11456 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:58.064259, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 48 08 ........ ......H. > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:58.064900, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.065032, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.065151, 3] smbd/process.c:1662(process_smb) > Transaction 101 of length 76 (0 toread) >[2012/08/30 15:27:58.065270, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.065344, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11520 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.067043, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 64 45 EC 03 ...dE.. >[2012/08/30 15:27:58.067173, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.067292, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.067413, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.067552, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.067699, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.067818, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.067953, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.068073, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1004 max_data=40 >[2012/08/30 15:27:58.068192, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.068327, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.068445, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.068574, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.068692, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:58.069065, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.069189, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.069309, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.069370, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11520 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.070863, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. > [0010] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:58.071693, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.071826, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.071944, 3] smbd/process.c:1662(process_smb) > Transaction 102 of length 76 (0 toread) >[2012/08/30 15:27:58.072065, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.072126, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11584 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.073767, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 64 45 FE 03 ...dE.. >[2012/08/30 15:27:58.073902, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.074050, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.074177, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:58.074309, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.074465, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.074586, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.074705, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) level=1022 call=7 total_data=0 >[2012/08/30 15:27:58.074825, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1022 max_data=4094 >[2012/08/30 15:27:58.074943, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.075072, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.075192, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.075314, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:58.075437, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:58.075617, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:58.075735, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.075796, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11584 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:58.077143, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 48 08 ........ ......H. > [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:58.077836, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.077979, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.078101, 3] smbd/process.c:1662(process_smb) > Transaction 103 of length 76 (0 toread) >[2012/08/30 15:27:58.078219, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.078280, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11648 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.079942, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 64 45 EC 03 ...dE.. >[2012/08/30 15:27:58.080072, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.080190, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.080327, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.080457, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.080609, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.080730, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:27:58.080848, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript5.dll (fnum = 17764) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.080968, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript5.dll (fnum = 17764) level=1004 max_data=40 >[2012/08/30 15:27:58.081105, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript5.dll >[2012/08/30 15:27:58.081224, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.081350, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.081472, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.081590, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:58.082113, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.082231, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.082349, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.082410, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11648 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.083782, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 B0 91 B7 2E 28 7B CD 01 BF 47 1F ........ .({...G. > [0010] CC E3 86 CD 01 B0 91 B7 2E 28 7B CD 01 B0 91 B7 ........ .({..... > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:58.085662, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:58.085869, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:58.085989, 3] smbd/process.c:1662(process_smb) > Transaction 104 of length 74 (0 toread) >[2012/08/30 15:27:58.086107, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.086168, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11712 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:58.089153, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:58.089292, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.089411, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.089533, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:58.089720, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:58.089874, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:58.090086, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:58.090205, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.090267, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=11712 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:58.091670, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:58.091964, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:58.093240, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.093554, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.093777, 3] smbd/process.c:1662(process_smb) > Transaction 105 of length 63 (0 toread) >[2012/08/30 15:27:58.093996, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.094067, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11776 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.097005, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.097082, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.097282, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.097409, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.097531, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.097681, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 0, size = 32768, returned 32768 >[2012/08/30 15:27:58.097802, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.098087, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.098212, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.098537, 3] smbd/process.c:1662(process_smb) > Transaction 106 of length 63 (0 toread) >[2012/08/30 15:27:58.098806, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.099138, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11841 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.100800, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.100865, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.100984, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.101106, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.101224, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=32768 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.101389, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 32768, size = 32768, returned 32768 >[2012/08/30 15:27:58.101511, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.101758, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.102058, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.102276, 3] smbd/process.c:1662(process_smb) > Transaction 107 of length 63 (0 toread) >[2012/08/30 15:27:58.102403, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.102465, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11906 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.103949, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.104014, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.104134, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.104261, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.104379, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=65536 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.104522, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 65536, size = 32768, returned 32768 >[2012/08/30 15:27:58.104643, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.104897, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.105025, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.106742, 3] smbd/process.c:1662(process_smb) > Transaction 108 of length 63 (0 toread) >[2012/08/30 15:27:58.106894, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.106956, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=11971 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.108526, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.108608, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.108728, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.108852, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.108973, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=98304 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.109118, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 98304, size = 32768, returned 32768 >[2012/08/30 15:27:58.109240, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.109499, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.109625, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.109880, 3] smbd/process.c:1662(process_smb) > Transaction 109 of length 63 (0 toread) >[2012/08/30 15:27:58.110086, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.110149, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12036 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 2 (0x2) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.111726, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.111790, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.111911, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.112034, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.112164, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=131072 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.112392, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 131072, size = 32768, returned 32768 >[2012/08/30 15:27:58.112517, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.112763, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.112897, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.113171, 3] smbd/process.c:1662(process_smb) > Transaction 110 of length 63 (0 toread) >[2012/08/30 15:27:58.113388, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.113451, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12101 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 2 (0x2) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.114998, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.115078, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.115196, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.115319, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.115440, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=163840 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.115640, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 163840, size = 32768, returned 32768 >[2012/08/30 15:27:58.115781, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.116047, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.116173, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.116452, 3] smbd/process.c:1662(process_smb) > Transaction 111 of length 63 (0 toread) >[2012/08/30 15:27:58.116670, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.116735, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12166 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 3 (0x3) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.118397, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.118462, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.118627, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.118901, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.119024, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=196608 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.119169, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 196608, size = 32768, returned 32768 >[2012/08/30 15:27:58.119310, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.119601, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.119753, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.119874, 3] smbd/process.c:1662(process_smb) > Transaction 112 of length 63 (0 toread) >[2012/08/30 15:27:58.119993, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.120057, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12231 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 3 (0x3) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.122377, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.122457, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.122578, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.122708, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.122830, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=229376 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.122986, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 229376, size = 32768, returned 32768 >[2012/08/30 15:27:58.123134, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.123687, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.123859, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.123981, 3] smbd/process.c:1662(process_smb) > Transaction 113 of length 63 (0 toread) >[2012/08/30 15:27:58.124100, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.124165, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12296 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 4 (0x4) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.125749, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.125817, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.126065, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.126200, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.126332, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=262144 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.126481, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 262144, size = 32768, returned 32768 >[2012/08/30 15:27:58.126620, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.126774, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.126895, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.127016, 3] smbd/process.c:1662(process_smb) > Transaction 114 of length 63 (0 toread) >[2012/08/30 15:27:58.127136, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.127197, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12361 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 4 (0x4) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.130707, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.130782, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.130974, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.131108, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.131227, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=294912 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.131390, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 294912, size = 32768, returned 32768 >[2012/08/30 15:27:58.131561, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.133392, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.133541, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.133664, 3] smbd/process.c:1662(process_smb) > Transaction 115 of length 63 (0 toread) >[2012/08/30 15:27:58.133782, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.133843, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12426 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 5 (0x5) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.135580, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.135647, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.135766, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.135905, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.136035, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=327680 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.136188, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 327680, size = 32768, returned 32768 >[2012/08/30 15:27:58.136314, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.137737, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.137881, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.138014, 3] smbd/process.c:1662(process_smb) > Transaction 116 of length 63 (0 toread) >[2012/08/30 15:27:58.138132, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.138197, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12491 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 5 (0x5) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.140034, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.140110, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.140240, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.140369, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.140490, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=360448 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.140651, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 360448, size = 32768, returned 32768 >[2012/08/30 15:27:58.140775, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.141994, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.142225, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.142348, 3] smbd/process.c:1662(process_smb) > Transaction 117 of length 63 (0 toread) >[2012/08/30 15:27:58.142467, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.142669, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12556 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.144266, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.144330, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.144451, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.144573, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.144707, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=393216 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.144849, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 393216, size = 32768, returned 32768 >[2012/08/30 15:27:58.144974, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.145230, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.145357, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.145476, 3] smbd/process.c:1662(process_smb) > Transaction 118 of length 63 (0 toread) >[2012/08/30 15:27:58.145735, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.145813, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12621 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.147727, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.147795, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.147916, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.148044, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.148163, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=425984 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.148307, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 425984, size = 32768, returned 32768 >[2012/08/30 15:27:58.148429, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.148701, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.148824, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.148960, 3] smbd/process.c:1662(process_smb) > Transaction 119 of length 63 (0 toread) >[2012/08/30 15:27:58.149222, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.149379, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12686 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 7 (0x7) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.150970, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.151045, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.151172, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.151295, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.151413, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=458752 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.151557, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 458752, size = 32768, returned 32768 >[2012/08/30 15:27:58.151706, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.152046, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.152179, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.152404, 3] smbd/process.c:1662(process_smb) > Transaction 120 of length 63 (0 toread) >[2012/08/30 15:27:58.152540, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.152602, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12751 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 7 (0x7) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.154258, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.154321, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.154456, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.154581, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.154698, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=491520 len=32768 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.154852, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 491520, size = 32768, returned 32768 >[2012/08/30 15:27:58.154975, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=32768 nread=32768 >[2012/08/30 15:27:58.155303, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.155441, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.155711, 3] smbd/process.c:1662(process_smb) > Transaction 121 of length 63 (0 toread) >[2012/08/30 15:27:58.155832, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.155894, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=12800 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17764 (0x4564) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]=18432 (0x4800) > smb_vwv[ 6]=18432 (0x4800) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=18432 (0x4800) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.157408, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.157474, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.157609, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.157774, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript5.dll >[2012/08/30 15:27:58.157900, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=524288 len=18432 unlocked for fnum 17764 file x64/3/pscript5.dll >[2012/08/30 15:27:58.158076, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript5.dll): pos = 524288, size = 18432, returned 18432 >[2012/08/30 15:27:58.158215, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17764 max=18432 nread=18432 >[2012/08/30 15:27:58.161224, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.161414, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.161553, 3] smbd/process.c:1662(process_smb) > Transaction 122 of length 122 (0 toread) >[2012/08/30 15:27:58.161688, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.161750, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=12864 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:58.163454, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 00 50 .x.6.4.\ .3.\.H.P > [0020] 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 ._.4.5.1 .5...p.p > [0030] 00 64 00 00 00 .d... >[2012/08/30 15:27:58.163857, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.163979, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.164103, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.164249, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/HP_4515.ppd" >[2012/08/30 15:27:58.164372, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/HP_4515.PPD] >[2012/08/30 15:27:58.164509, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:58.164634, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/HP_4515.ppd, dirpath = x64/3, start = HP_4515.ppd >[2012/08/30 15:27:58.164758, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c04aeb0:size 11) X64/3/HP_4515.PPD -> x64/3/HP_4515.ppd >[2012/08/30 15:27:58.164878, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/HP_4515.ppd -> x64/3/HP_4515.ppd >[2012/08/30 15:27:58.164996, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] >[2012/08/30 15:27:58.165132, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.165254, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd >[2012/08/30 15:27:58.165374, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = HP_4515.ppd >[2012/08/30 15:27:58.165496, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.165763, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.165889, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.166007, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.166140, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.166271, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = HP_4515.ppd, attr = 22 >[2012/08/30 15:27:58.166394, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.166544, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c016340 now at offset -1 >[2012/08/30 15:27:58.166682, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.166803, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.166925, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.167081, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.167202, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[HP_4515.ppd] found x64/3/HP_4515.ppd fname=HP_4515.ppd (HP_4515.ppd) >[2012/08/30 15:27:58.167352, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.167471, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.168393, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.168515, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.168649, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:58.168772, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:58.168892, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.168953, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=12864 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:58.170423, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ > [0020] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. > [0030] CB E3 86 CD 01 2A 4F 00 00 00 00 00 00 00 00 10 .....*O. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 48 00 50 00 5F ........ ...H.P._ > [0070] 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 00 64 .4.5.1.5 ...p.p.d > [0080] 00 . >[2012/08/30 15:27:58.171275, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=HP_4515.ppd directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.173986, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.174160, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.174283, 3] smbd/process.c:1662(process_smb) > Transaction 123 of length 122 (0 toread) >[2012/08/30 15:27:58.174417, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.174557, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=12928 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:58.176664, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 00 50 .x.6.4.\ .3.\.H.P > [0020] 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 ._.4.5.1 .5...p.p > [0030] 00 64 00 00 00 .d... >[2012/08/30 15:27:58.177053, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.177173, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.177301, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.177450, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/HP_4515.ppd" >[2012/08/30 15:27:58.177574, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.177715, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] >[2012/08/30 15:27:58.177828, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.178020, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd >[2012/08/30 15:27:58.178150, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = HP_4515.ppd >[2012/08/30 15:27:58.178427, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.178547, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.178679, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.178801, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.178932, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.179070, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = HP_4515.ppd, attr = 22 >[2012/08/30 15:27:58.179190, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.179325, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c02d410 now at offset -1 >[2012/08/30 15:27:58.179451, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.179627, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.179749, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.179901, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.180061, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[HP_4515.ppd] found x64/3/HP_4515.ppd fname=HP_4515.ppd (HP_4515.ppd) >[2012/08/30 15:27:58.180194, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.180314, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.180435, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.180595, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.180726, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:58.180846, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:58.180966, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.181027, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=12928 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:58.182534, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ > [0020] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. > [0030] CB E3 86 CD 01 2A 4F 00 00 00 00 00 00 00 00 10 .....*O. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 48 00 50 00 5F ........ ...H.P._ > [0070] 00 34 00 35 00 31 00 35 00 2E 00 70 00 70 00 64 .4.5.1.5 ...p.p.d > [0080] 00 . >[2012/08/30 15:27:58.183418, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=HP_4515.ppd directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.184627, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.184781, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.184901, 3] smbd/process.c:1662(process_smb) > Transaction 124 of length 126 (0 toread) >[2012/08/30 15:27:58.185052, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.185122, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=12992 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.187419, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 .\.x.6.4 .\.3.\.H > [0010] 00 50 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 .P._.4.5 .1.5...p > [0020] 00 70 00 64 00 00 00 .p.d... >[2012/08/30 15:27:58.187783, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.187920, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.188052, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.188177, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/HP_4515.ppd" >[2012/08/30 15:27:58.188317, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.188445, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] >[2012/08/30 15:27:58.188576, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.188710, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd >[2012/08/30 15:27:58.188828, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.188968, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.189112, 5] smbd/files.c:140(file_new) > allocated file structure 13669, fnum = 17765 (3 used) >[2012/08/30 15:27:58.189236, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/HP_4515.ppd hash 0xcfec0173 >[2012/08/30 15:27:58.189361, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/HP_4515.ppd) returning 0744 >[2012/08/30 15:27:58.189480, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/HP_4515.ppd, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.189613, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.189734, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.189853, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.189975, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/HP_4515.ppd, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.190234, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.190392, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04b390 >[2012/08/30 15:27:58.190514, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba6:0 >[2012/08/30 15:27:58.190651, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.190799, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.190921, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04b5d0 >[2012/08/30 15:27:58.191056, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.191177, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.191320, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/HP_4515.ppd, flags = 00 mode = 0744, fd = 37. >[2012/08/30 15:27:58.191441, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/HP_4515.ppd read=Yes write=No (numopen=2) >[2012/08/30 15:27:58.191628, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153911 >[2012/08/30 15:27:58.191757, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/HP_4515.ppd, 801:23ba6:0/1302153911, tv_sec = 503fbebe, tv_usec = 2e2b6 >[2012/08/30 15:27:58.191883, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.192021, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.192149, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.192277, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.192394, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.192515, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.192633, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.192753, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.192876, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.193013, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.193159, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.193279, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17765, open name = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.193898, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.194092, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.194215, 3] smbd/process.c:1662(process_smb) > Transaction 125 of length 76 (0 toread) >[2012/08/30 15:27:58.194333, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.194394, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13056 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.196149, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 65 45 EE 03 ...eE.. >[2012/08/30 15:27:58.196278, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.196400, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.196536, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:58.196667, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.196822, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.196941, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:27:58.197076, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17765) level=1006 call=7 total_data=0 >[2012/08/30 15:27:58.197199, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17765) level=1006 max_data=8 >[2012/08/30 15:27:58.197318, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.197452, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.197586, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.197725, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:58.197846, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:58.197985, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:58.198120, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.198182, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13056 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:58.199638, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 A6 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:58.200844, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.200999, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.201124, 3] smbd/process.c:1662(process_smb) > Transaction 126 of length 63 (0 toread) >[2012/08/30 15:27:58.201254, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.201316, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=13120 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17765 (0x4565) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.202968, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.203033, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.203155, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.203278, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.203397, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17765 file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.203556, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/HP_4515.ppd): pos = 0, size = 4096, returned 4096 >[2012/08/30 15:27:58.203687, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17765 max=4096 nread=4096 >[2012/08/30 15:27:58.206554, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.206761, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.206919, 3] smbd/process.c:1662(process_smb) > Transaction 127 of length 45 (0 toread) >[2012/08/30 15:27:58.207066, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.207141, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=13184 > smt_wct=3 > smb_vwv[ 0]=17765 (0x4565) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.208389, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.208468, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.208627, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.208787, 3] smbd/reply.c:4848(reply_close) > close fd=37 fnum=17765 (numopen=2) >[2012/08/30 15:27:58.208930, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.209095, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153911 has kernel oplock state of 1. >[2012/08/30 15:27:58.209264, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.209429, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04ce90 >[2012/08/30 15:27:58.209576, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.209742, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x32c0, type= 0x3, gen_id = 1302153911, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.210270, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:27:58.210440, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.210597, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/HP_4515.ppd = 0 >[2012/08/30 15:27:58.210755, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.210904, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/HP_4515.ppd (numopen=1) NT_STATUS_OK >[2012/08/30 15:27:58.211048, 5] smbd/files.c:482(file_free) > freed files structure 17765 (2 used) >[2012/08/30 15:27:58.211343, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.211442, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=13184 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.212440, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.213882, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.214063, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.214202, 3] smbd/process.c:1662(process_smb) > Transaction 128 of length 126 (0 toread) >[2012/08/30 15:27:58.214361, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.214432, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13248 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.217249, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 .\.x.6.4 .\.3.\.H > [0010] 00 50 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 .P._.4.5 .1.5...p > [0020] 00 70 00 64 00 00 00 .p.d... >[2012/08/30 15:27:58.217587, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.217796, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.217944, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.218068, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/HP_4515.ppd" >[2012/08/30 15:27:58.218207, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.218349, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] >[2012/08/30 15:27:58.218481, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.218601, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd >[2012/08/30 15:27:58.218732, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.218990, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.219200, 5] smbd/files.c:140(file_new) > allocated file structure 13670, fnum = 17766 (3 used) >[2012/08/30 15:27:58.219323, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/HP_4515.ppd hash 0xcfec0173 >[2012/08/30 15:27:58.219461, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/HP_4515.ppd) returning 0744 >[2012/08/30 15:27:58.219611, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/HP_4515.ppd, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.219733, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.219869, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.220032, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.220182, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/HP_4515.ppd, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.220308, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.220436, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04b390 >[2012/08/30 15:27:58.220554, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba6:0 >[2012/08/30 15:27:58.220691, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.220838, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.220959, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04b5d0 >[2012/08/30 15:27:58.221094, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.221217, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.221348, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/HP_4515.ppd, flags = 00 mode = 0744, fd = 37. >[2012/08/30 15:27:58.221472, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/HP_4515.ppd read=Yes write=No (numopen=2) >[2012/08/30 15:27:58.221595, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153912 >[2012/08/30 15:27:58.221756, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/HP_4515.ppd, 801:23ba6:0/1302153912, tv_sec = 503fbebe, tv_usec = 3583e >[2012/08/30 15:27:58.221880, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.222033, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x33c0, type= 0x3, gen_id = 1302153912, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.222172, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.222297, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.222417, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.222535, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.222671, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.222791, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.222914, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.223061, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x33c0, type= 0x3, gen_id = 1302153912, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.223207, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.223329, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17766, open name = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.224432, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.224711, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.224832, 3] smbd/process.c:1662(process_smb) > Transaction 129 of length 45 (0 toread) >[2012/08/30 15:27:58.224954, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.225015, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=13312 > smt_wct=3 > smb_vwv[ 0]=17766 (0x4566) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.226148, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.226228, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.226363, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.226483, 3] smbd/reply.c:4848(reply_close) > close fd=37 fnum=17766 (numopen=2) >[2012/08/30 15:27:58.226620, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.226776, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153912 has kernel oplock state of 1. >[2012/08/30 15:27:58.226920, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.227048, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04ce90 >[2012/08/30 15:27:58.227176, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.227318, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x33c0, type= 0x3, gen_id = 1302153912, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.227455, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:27:58.228420, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.228560, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/HP_4515.ppd = 0 >[2012/08/30 15:27:58.228702, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.228831, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/HP_4515.ppd (numopen=1) NT_STATUS_OK >[2012/08/30 15:27:58.228962, 5] smbd/files.c:482(file_free) > freed files structure 17766 (2 used) >[2012/08/30 15:27:58.229090, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.229151, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=13312 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.229986, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.231412, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.231635, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.231767, 3] smbd/process.c:1662(process_smb) > Transaction 130 of length 126 (0 toread) >[2012/08/30 15:27:58.231901, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.231974, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13376 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.234208, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 48 .\.x.6.4 .\.3.\.H > [0010] 00 50 00 5F 00 34 00 35 00 31 00 35 00 2E 00 70 .P._.4.5 .1.5...p > [0020] 00 70 00 64 00 00 00 .p.d... >[2012/08/30 15:27:58.234501, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.234637, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.234777, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.234916, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/HP_4515.ppd" >[2012/08/30 15:27:58.235038, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/HP_4515.PPD] -> [x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.235194, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/HP_4515.ppd] [/var/lib/samba/printers] >[2012/08/30 15:27:58.235326, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/HP_4515.ppd] -> [/var/lib/samba/printers/x64/3/HP_4515.ppd] >[2012/08/30 15:27:58.235444, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/HP_4515.ppd reduced to /var/lib/samba/printers/x64/3/HP_4515.ppd >[2012/08/30 15:27:58.235610, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.235750, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.235891, 5] smbd/files.c:140(file_new) > allocated file structure 13671, fnum = 17767 (3 used) >[2012/08/30 15:27:58.236032, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/HP_4515.ppd hash 0xcfec0173 >[2012/08/30 15:27:58.236154, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/HP_4515.ppd) returning 0744 >[2012/08/30 15:27:58.236275, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/HP_4515.ppd, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.236397, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.236518, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.236647, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.236778, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/HP_4515.ppd, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.236919, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.237055, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04b390 >[2012/08/30 15:27:58.237179, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba6:0 >[2012/08/30 15:27:58.237302, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.237449, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:27:58.237570, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04b5d0 >[2012/08/30 15:27:58.237705, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.237825, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.237968, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/HP_4515.ppd, flags = 00 mode = 0744, fd = 37. >[2012/08/30 15:27:58.238089, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/HP_4515.ppd read=Yes write=No (numopen=2) >[2012/08/30 15:27:58.238358, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153913 >[2012/08/30 15:27:58.238479, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/HP_4515.ppd, 801:23ba6:0/1302153913, tv_sec = 503fbebe, tv_usec = 39971 >[2012/08/30 15:27:58.238620, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.238772, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.238933, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:27:58.239076, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.239197, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.239315, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.239449, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.239607, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.239757, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.239911, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.240048, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.240189, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17767, open name = x64/3/HP_4515.ppd >[2012/08/30 15:27:58.241361, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:58.241571, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:58.241694, 3] smbd/process.c:1662(process_smb) > Transaction 131 of length 90 (0 toread) >[2012/08/30 15:27:58.241812, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.241897, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13440 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17767 (0x4567) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:58.244184, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:58.244333, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.244457, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.244622, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:58.244748, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:58.244884, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 67 45 01 00 ....gE.. >[2012/08/30 15:27:58.245028, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x4567] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:58.245152, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:58.245274, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.245335, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13440 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.246196, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.246894, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.247038, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.247182, 3] smbd/process.c:1662(process_smb) > Transaction 132 of length 76 (0 toread) >[2012/08/30 15:27:58.247301, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.247381, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13504 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.249123, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 67 45 ED 03 ...gE.. >[2012/08/30 15:27:58.249264, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.249389, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.249526, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:58.249681, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.249820, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.250100, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:27:58.250220, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1005 call=7 total_data=0 >[2012/08/30 15:27:58.250340, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1005 max_data=24 >[2012/08/30 15:27:58.250477, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.250598, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.250716, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.250870, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:58.250992, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:58.251110, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:58.251245, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.251306, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13504 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:58.252719, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 2A 4F 00 ........ .....*O. > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:58.253453, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.253606, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.253742, 3] smbd/process.c:1662(process_smb) > Transaction 133 of length 76 (0 toread) >[2012/08/30 15:27:58.253859, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.253964, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13568 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.255691, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 67 45 EC 03 ...gE.. >[2012/08/30 15:27:58.255823, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.255942, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.256078, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.256222, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.256359, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.256502, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:27:58.256640, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.256760, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1004 max_data=40 >[2012/08/30 15:27:58.256883, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.257005, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.257123, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.257248, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.257365, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:58.257730, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.257874, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.258007, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.258074, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13568 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.259463, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ > [0010] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. > [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:58.260218, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.260368, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.260498, 3] smbd/process.c:1662(process_smb) > Transaction 134 of length 76 (0 toread) >[2012/08/30 15:27:58.260622, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.260695, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13632 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.262524, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 67 45 FE 03 ...gE.. >[2012/08/30 15:27:58.262657, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.262779, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.262899, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:58.263049, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.263211, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.263331, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:27:58.263466, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1022 call=7 total_data=0 >[2012/08/30 15:27:58.263613, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1022 max_data=4094 >[2012/08/30 15:27:58.263735, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.263853, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.263975, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.264100, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:58.264223, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:58.264358, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:58.264494, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.264556, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13632 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:58.265978, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 2A 4F 00 ........ .....*O. > [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:58.266688, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.266818, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.266939, 3] smbd/process.c:1662(process_smb) > Transaction 135 of length 76 (0 toread) >[2012/08/30 15:27:58.267074, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.267143, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13696 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.268920, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 67 45 EC 03 ...gE.. >[2012/08/30 15:27:58.269072, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.269201, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.269326, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.269477, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.269630, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:27:58.269792, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:27:58.269917, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/HP_4515.ppd (fnum = 17767) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.270039, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/HP_4515.ppd (fnum = 17767) level=1004 max_data=40 >[2012/08/30 15:27:58.270168, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/HP_4515.ppd >[2012/08/30 15:27:58.270307, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.270442, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.270669, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.270801, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:58.271203, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.271322, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.271456, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.271557, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13696 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.272943, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 64 61 C6 CB E3 86 CD 01 0E E9 1C .....da. ........ > [0010] D9 E3 86 CD 01 64 61 C6 CB E3 86 CD 01 64 61 C6 .....da. .....da. > [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:58.274331, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:58.274482, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:58.274602, 3] smbd/process.c:1662(process_smb) > Transaction 136 of length 74 (0 toread) >[2012/08/30 15:27:58.274739, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.274800, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13760 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:58.276640, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:58.276794, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.276925, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.277053, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:58.277194, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:58.277355, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:58.277476, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:58.277632, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.277715, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13760 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:58.280165, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:58.280496, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:58.285478, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.285664, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.285843, 3] smbd/process.c:1662(process_smb) > Transaction 137 of length 63 (0 toread) >[2012/08/30 15:27:58.285969, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.286034, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=13824 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17767 (0x4567) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=20266 (0x4F2A) > smb_vwv[ 6]=20266 (0x4F2A) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=20266 (0x4F2A) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.287972, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.288049, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.288187, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.288316, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.288437, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=20266 unlocked for fnum 17767 file x64/3/HP_4515.ppd >[2012/08/30 15:27:58.288599, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/HP_4515.ppd): pos = 0, size = 20266, returned 20266 >[2012/08/30 15:27:58.288733, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17767 max=20266 nread=20266 >[2012/08/30 15:27:58.299479, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 114 >[2012/08/30 15:27:58.299699, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x72 >[2012/08/30 15:27:58.299822, 3] smbd/process.c:1662(process_smb) > Transaction 138 of length 118 (0 toread) >[2012/08/30 15:27:58.299959, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.300021, 5] lib/util.c:342(show_msg) > size=114 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13888 > smt_wct=15 > smb_vwv[ 0]= 46 (0x2E) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 46 (0x2E) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=49 >[2012/08/30 15:27:58.302506, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 00 .5.u.i.. .d.l.l.. > [0030] 00 . >[2012/08/30 15:27:58.302901, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.303032, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.303164, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.303295, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/08/30 15:27:58.303428, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/PS5UI.DLL] >[2012/08/30 15:27:58.303621, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:58.303757, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/ps5ui.dll, dirpath = x64/3, start = ps5ui.dll >[2012/08/30 15:27:58.303902, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c04cf10:size f) X64/3/PS5UI.DLL -> x64/3/ps5ui.dll >[2012/08/30 15:27:58.304043, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/ps5ui.dll -> x64/3/ps5ui.dll >[2012/08/30 15:27:58.304161, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:58.304309, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] >[2012/08/30 15:27:58.304442, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll >[2012/08/30 15:27:58.304576, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = ps5ui.dll >[2012/08/30 15:27:58.304696, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.304846, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.304972, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.305089, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.305234, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.305355, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = ps5ui.dll, attr = 22 >[2012/08/30 15:27:58.305473, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.305603, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c014be0 now at offset -1 >[2012/08/30 15:27:58.305740, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.305876, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.306011, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.306189, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.306314, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[ps5ui.dll] found x64/3/ps5ui.dll fname=ps5ui.dll (ps5ui.dll) >[2012/08/30 15:27:58.306457, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.306579, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.306701, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.306825, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.306968, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 >[2012/08/30 15:27:58.307088, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 >[2012/08/30 15:27:58.307210, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.307272, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13888 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=125 >[2012/08/30 15:27:58.308806, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. > [0010] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" > [0020] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. > [0030] 2E 28 7B CD 01 00 14 0B 00 00 00 00 00 00 00 10 .({..... ........ > [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 35 ........ ...p.s.5 > [0070] 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 .u.i...d .l.l. >[2012/08/30 15:27:58.309636, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=ps5ui.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.315438, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 114 >[2012/08/30 15:27:58.315649, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x72 >[2012/08/30 15:27:58.315770, 3] smbd/process.c:1662(process_smb) > Transaction 139 of length 118 (0 toread) >[2012/08/30 15:27:58.315891, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.315953, 5] lib/util.c:342(show_msg) > size=114 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13952 > smt_wct=15 > smb_vwv[ 0]= 46 (0x2E) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 46 (0x2E) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=49 >[2012/08/30 15:27:58.317830, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 00 .5.u.i.. .d.l.l.. > [0030] 00 . >[2012/08/30 15:27:58.318208, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.318369, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.318501, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.318647, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/08/30 15:27:58.318786, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] >[2012/08/30 15:27:58.319082, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:58.319224, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] >[2012/08/30 15:27:58.319519, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll >[2012/08/30 15:27:58.319662, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = ps5ui.dll >[2012/08/30 15:27:58.319782, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.319917, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.320895, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.321072, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.321219, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.321337, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = ps5ui.dll, attr = 22 >[2012/08/30 15:27:58.321477, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.321610, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c02dd90 now at offset -1 >[2012/08/30 15:27:58.321731, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.322014, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.322150, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.322282, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.322417, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[ps5ui.dll] found x64/3/ps5ui.dll fname=ps5ui.dll (ps5ui.dll) >[2012/08/30 15:27:58.322557, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.322689, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.322815, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.322950, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.323108, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 >[2012/08/30 15:27:58.323231, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 >[2012/08/30 15:27:58.323386, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.323449, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=13952 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=125 >[2012/08/30 15:27:58.324871, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. > [0010] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" > [0020] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. > [0030] 2E 28 7B CD 01 00 14 0B 00 00 00 00 00 00 00 10 .({..... ........ > [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 35 ........ ...p.s.5 > [0070] 00 75 00 69 00 2E 00 64 00 6C 00 6C 00 .u.i...d .l.l. >[2012/08/30 15:27:58.325631, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=ps5ui.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.327679, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.327849, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.327976, 3] smbd/process.c:1662(process_smb) > Transaction 140 of length 122 (0 toread) >[2012/08/30 15:27:58.328095, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.328165, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14016 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/08/30 15:27:58.330515, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C .s.5.u.i ...d.l.l > [0020] 00 00 00 ... >[2012/08/30 15:27:58.330804, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.330927, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.331050, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.331191, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/08/30 15:27:58.331361, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] >[2012/08/30 15:27:58.331525, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:58.331663, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] >[2012/08/30 15:27:58.331798, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll >[2012/08/30 15:27:58.331935, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.332058, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.332211, 5] smbd/files.c:140(file_new) > allocated file structure 13672, fnum = 17768 (4 used) >[2012/08/30 15:27:58.332351, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/ps5ui.dll hash 0xe1875e7e >[2012/08/30 15:27:58.332474, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/ps5ui.dll) returning 0744 >[2012/08/30 15:27:58.332593, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/ps5ui.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.332731, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.332876, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.332995, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.333131, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/ps5ui.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.333273, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.333442, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04d360 >[2012/08/30 15:27:58.333579, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba7:0 >[2012/08/30 15:27:58.333716, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.333993, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.334144, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04d5a0 >[2012/08/30 15:27:58.334266, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.334413, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.334541, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/ps5ui.dll, flags = 00 mode = 0744, fd = 38. >[2012/08/30 15:27:58.334676, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/ps5ui.dll read=Yes write=No (numopen=3) >[2012/08/30 15:27:58.334803, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153914 >[2012/08/30 15:27:58.334924, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/ps5ui.dll, 801:23ba7:0/1302153914, tv_sec = 503fbebe, tv_usec = 511b1 >[2012/08/30 15:27:58.335065, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.335217, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.335373, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.335559, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.335687, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.335822, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.335943, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.336060, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.336199, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.336338, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.336465, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.336599, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17768, open name = x64/3/ps5ui.dll >[2012/08/30 15:27:58.337388, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.337544, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.337676, 3] smbd/process.c:1662(process_smb) > Transaction 141 of length 76 (0 toread) >[2012/08/30 15:27:58.337830, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.337901, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14080 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.339681, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 68 45 EE 03 ...hE.. >[2012/08/30 15:27:58.339812, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.339929, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.340212, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:58.340355, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.340512, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.340635, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:27:58.340764, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17768) level=1006 call=7 total_data=0 >[2012/08/30 15:27:58.340890, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17768) level=1006 max_data=8 >[2012/08/30 15:27:58.341025, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.341143, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.341279, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.341418, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:58.341537, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:58.341690, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:58.341817, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.341878, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14080 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:58.343274, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 A7 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:58.344935, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.345112, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.345232, 3] smbd/process.c:1662(process_smb) > Transaction 142 of length 63 (0 toread) >[2012/08/30 15:27:58.345353, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.345415, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14144 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17768 (0x4568) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.347130, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.347202, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.347323, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.347465, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.347966, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17768 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.348113, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 0, size = 4096, returned 4096 >[2012/08/30 15:27:58.348235, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17768 max=4096 nread=4096 >[2012/08/30 15:27:58.351683, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.351893, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.352033, 3] smbd/process.c:1662(process_smb) > Transaction 143 of length 45 (0 toread) >[2012/08/30 15:27:58.352152, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.352234, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14208 > smt_wct=3 > smb_vwv[ 0]=17768 (0x4568) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.353227, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.353292, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.353416, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.353553, 3] smbd/reply.c:4848(reply_close) > close fd=38 fnum=17768 (numopen=3) >[2012/08/30 15:27:58.353673, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.353830, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153914 has kernel oplock state of 1. >[2012/08/30 15:27:58.353976, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.354105, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04eef0 >[2012/08/30 15:27:58.354244, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.354387, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x36c0, type= 0x3, gen_id = 1302153914, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.354510, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:27:58.354636, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.354767, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/ps5ui.dll = 0 >[2012/08/30 15:27:58.354888, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/ps5ui.dll >[2012/08/30 15:27:58.355034, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/ps5ui.dll (numopen=2) NT_STATUS_OK >[2012/08/30 15:27:58.355168, 5] smbd/files.c:482(file_free) > freed files structure 17768 (3 used) >[2012/08/30 15:27:58.355290, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.355355, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14208 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.356999, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.361401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.361947, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.362140, 3] smbd/process.c:1662(process_smb) > Transaction 144 of length 122 (0 toread) >[2012/08/30 15:27:58.362348, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.362428, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14272 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/08/30 15:27:58.369562, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C .s.5.u.i ...d.l.l > [0020] 00 00 00 ... >[2012/08/30 15:27:58.369977, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.370195, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.370429, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.370653, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/08/30 15:27:58.370866, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] >[2012/08/30 15:27:58.371056, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:58.371250, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] >[2012/08/30 15:27:58.371425, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll >[2012/08/30 15:27:58.371592, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.371755, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.371884, 5] smbd/files.c:140(file_new) > allocated file structure 13673, fnum = 17769 (4 used) >[2012/08/30 15:27:58.372011, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/ps5ui.dll hash 0xe1875e7e >[2012/08/30 15:27:58.372143, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/ps5ui.dll) returning 0744 >[2012/08/30 15:27:58.372266, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/ps5ui.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.375540, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.375673, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.375812, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.375950, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/ps5ui.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.376080, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.376236, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04d360 >[2012/08/30 15:27:58.376374, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba7:0 >[2012/08/30 15:27:58.376495, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.376647, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.376786, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04d5a0 >[2012/08/30 15:27:58.376923, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.377044, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.377178, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/ps5ui.dll, flags = 00 mode = 0744, fd = 38. >[2012/08/30 15:27:58.377299, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/ps5ui.dll read=Yes write=No (numopen=3) >[2012/08/30 15:27:58.377424, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153915 >[2012/08/30 15:27:58.377567, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/ps5ui.dll, 801:23ba7:0/1302153915, tv_sec = 503fbebe, tv_usec = 5acab >[2012/08/30 15:27:58.377695, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.377833, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x37c0, type= 0x3, gen_id = 1302153915, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.377984, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.378115, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.378233, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.378370, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.378492, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.378610, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.378738, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.378891, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x37c0, type= 0x3, gen_id = 1302153915, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.379029, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.379164, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17769, open name = x64/3/ps5ui.dll >[2012/08/30 15:27:58.382180, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.382409, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.382555, 3] smbd/process.c:1662(process_smb) > Transaction 145 of length 45 (0 toread) >[2012/08/30 15:27:58.382697, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.382776, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14336 > smt_wct=3 > smb_vwv[ 0]=17769 (0x4569) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.383628, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.383695, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.383818, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.383955, 3] smbd/reply.c:4848(reply_close) > close fd=38 fnum=17769 (numopen=3) >[2012/08/30 15:27:58.385095, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.385240, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153915 has kernel oplock state of 1. >[2012/08/30 15:27:58.385428, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.385562, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04eef0 >[2012/08/30 15:27:58.385692, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.385836, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x37c0, type= 0x3, gen_id = 1302153915, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.386014, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:27:58.386141, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.386281, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/ps5ui.dll = 0 >[2012/08/30 15:27:58.386408, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/ps5ui.dll >[2012/08/30 15:27:58.386537, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/ps5ui.dll (numopen=2) NT_STATUS_OK >[2012/08/30 15:27:58.386669, 5] smbd/files.c:482(file_free) > freed files structure 17769 (3 used) >[2012/08/30 15:27:58.386797, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.386861, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14336 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.387746, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.388836, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.389011, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.389132, 3] smbd/process.c:1662(process_smb) > Transaction 146 of length 122 (0 toread) >[2012/08/30 15:27:58.389254, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.389316, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14400 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/08/30 15:27:58.399837, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 35 00 75 00 69 00 2E 00 64 00 6C 00 6C .s.5.u.i ...d.l.l > [0020] 00 00 00 ... >[2012/08/30 15:27:58.400124, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.400264, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.400406, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.400541, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/ps5ui.dll" >[2012/08/30 15:27:58.400666, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PS5UI.DLL] -> [x64/3/ps5ui.dll] >[2012/08/30 15:27:58.400757, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/ps5ui.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:58.400892, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/ps5ui.dll] -> [/var/lib/samba/printers/x64/3/ps5ui.dll] >[2012/08/30 15:27:58.401010, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/ps5ui.dll reduced to /var/lib/samba/printers/x64/3/ps5ui.dll >[2012/08/30 15:27:58.401132, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.401268, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/ps5ui.dll >[2012/08/30 15:27:58.401400, 5] smbd/files.c:140(file_new) > allocated file structure 13674, fnum = 17770 (4 used) >[2012/08/30 15:27:58.401527, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/ps5ui.dll hash 0xe1875e7e >[2012/08/30 15:27:58.401650, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/ps5ui.dll) returning 0744 >[2012/08/30 15:27:58.401783, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/ps5ui.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.401907, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.402028, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.402149, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.402289, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/ps5ui.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.402433, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.402572, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04d360 >[2012/08/30 15:27:58.402710, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba7:0 >[2012/08/30 15:27:58.402843, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.402980, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:27:58.403105, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04d5a0 >[2012/08/30 15:27:58.403227, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.403346, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.403480, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/ps5ui.dll, flags = 00 mode = 0744, fd = 38. >[2012/08/30 15:27:58.403633, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/ps5ui.dll read=Yes write=No (numopen=3) >[2012/08/30 15:27:58.403761, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153916 >[2012/08/30 15:27:58.403885, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/ps5ui.dll, 801:23ba7:0/1302153916, tv_sec = 503fbebe, tv_usec = 61ff6 >[2012/08/30 15:27:58.404027, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.404166, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.404291, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:27:58.404423, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.404545, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.404664, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.404786, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.404918, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.405050, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.405203, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.405348, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.405467, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17770, open name = x64/3/ps5ui.dll >[2012/08/30 15:27:58.406915, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:58.407095, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:58.407216, 3] smbd/process.c:1662(process_smb) > Transaction 147 of length 90 (0 toread) >[2012/08/30 15:27:58.407342, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.407404, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14464 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17770 (0x456A) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:58.409921, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:58.410128, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.410250, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.410528, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:58.410652, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:58.411017, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 6A 45 01 00 ....jE.. >[2012/08/30 15:27:58.411158, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x456A] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:58.411299, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:58.411423, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.411484, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14464 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.412323, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.413337, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.413496, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.413751, 3] smbd/process.c:1662(process_smb) > Transaction 148 of length 76 (0 toread) >[2012/08/30 15:27:58.413879, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.413942, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14528 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.415675, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6A 45 ED 03 ...jE.. >[2012/08/30 15:27:58.415815, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.415952, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.416081, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:58.416218, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.416375, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.416495, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:27:58.416623, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1005 call=7 total_data=0 >[2012/08/30 15:27:58.416743, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1005 max_data=24 >[2012/08/30 15:27:58.416861, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.416980, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.417099, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.417222, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:58.417341, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:58.417619, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:58.417746, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.417808, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14528 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:58.420528, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 14 0B ........ ........ > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:58.421934, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.422117, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.422244, 3] smbd/process.c:1662(process_smb) > Transaction 149 of length 76 (0 toread) >[2012/08/30 15:27:58.422423, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.422496, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14592 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.424369, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6A 45 EC 03 ...jE.. >[2012/08/30 15:27:58.424529, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.424654, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.424833, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.424998, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.425142, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.425267, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:27:58.425399, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.425536, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1004 max_data=40 >[2012/08/30 15:27:58.425659, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.425795, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.426011, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.426136, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.426297, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:58.426677, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.426869, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.426989, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.427050, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14592 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.428624, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" > [0010] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:58.429755, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:58.429946, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:58.430211, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:58.430412, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:58.430560, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.430720, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.430855, 3] smbd/process.c:1662(process_smb) > Transaction 150 of length 76 (0 toread) >[2012/08/30 15:27:58.430972, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.431052, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14656 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.433138, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6A 45 FE 03 ...jE.. >[2012/08/30 15:27:58.433270, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.433441, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:58.433564, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:58.436332, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:58.436773, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:58.436913, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:58.437064, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.437201, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.437324, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:27:58.437444, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1022 call=7 total_data=0 >[2012/08/30 15:27:58.437564, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1022 max_data=4094 >[2012/08/30 15:27:58.437686, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.437805, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.437926, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.438076, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:58.438201, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:58.438341, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:58.438480, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.438541, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14656 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:58.439986, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 14 0B ........ ........ > [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:58.440815, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.440968, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.441093, 3] smbd/process.c:1662(process_smb) > Transaction 151 of length 76 (0 toread) >[2012/08/30 15:27:58.441214, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.441275, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14720 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.443116, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6A 45 EC 03 ...jE.. >[2012/08/30 15:27:58.443249, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.443387, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.443559, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.443711, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.443870, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:27:58.443991, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:27:58.444130, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/ps5ui.dll (fnum = 17770) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.444269, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/ps5ui.dll (fnum = 17770) level=1004 max_data=40 >[2012/08/30 15:27:58.444401, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/ps5ui.dll >[2012/08/30 15:27:58.444527, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.444651, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.444775, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.444912, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:58.445309, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.445444, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.445561, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.445648, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14720 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.447092, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 24 26 B0 2E 28 7B CD 01 F5 54 22 .....$&. .({...T" > [0010] CC E3 86 CD 01 24 26 B0 2E 28 7B CD 01 24 26 B0 .....$&. .({..$&. > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:58.448592, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:58.448887, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:58.449008, 3] smbd/process.c:1662(process_smb) > Transaction 152 of length 74 (0 toread) >[2012/08/30 15:27:58.449143, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.449211, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14784 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:58.450927, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:58.451078, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.451219, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.451347, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:58.451489, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:58.451637, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:58.451759, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:58.451877, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.451950, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=14784 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:58.453342, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:58.453667, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:58.454936, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.455201, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.455434, 3] smbd/process.c:1662(process_smb) > Transaction 153 of length 63 (0 toread) >[2012/08/30 15:27:58.455679, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.455856, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14848 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.458664, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.458746, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.458872, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.459000, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.459122, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.459275, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 0, size = 32768, returned 32768 >[2012/08/30 15:27:58.459415, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.459817, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.459954, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.460075, 3] smbd/process.c:1662(process_smb) > Transaction 154 of length 63 (0 toread) >[2012/08/30 15:27:58.460193, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.460255, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14927 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.462497, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.462575, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.462760, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.462955, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.463141, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=32768 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.463353, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 32768, size = 32768, returned 32768 >[2012/08/30 15:27:58.463603, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.464761, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.464918, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.465040, 3] smbd/process.c:1662(process_smb) > Transaction 155 of length 63 (0 toread) >[2012/08/30 15:27:58.465162, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.465223, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=14990 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.467174, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.467259, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.467381, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.467558, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.467818, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=65536 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.467972, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 65536, size = 32768, returned 32768 >[2012/08/30 15:27:58.468132, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.468477, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.468613, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.468739, 3] smbd/process.c:1662(process_smb) > Transaction 156 of length 63 (0 toread) >[2012/08/30 15:27:58.468989, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.469055, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15053 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.470749, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.470820, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.470949, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.471076, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.471211, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=98304 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.471368, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 98304, size = 32768, returned 32768 >[2012/08/30 15:27:58.471521, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.471879, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.472010, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.472129, 3] smbd/process.c:1662(process_smb) > Transaction 157 of length 63 (0 toread) >[2012/08/30 15:27:58.472251, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.472435, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15116 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 2 (0x2) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.474075, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.474144, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.474263, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.474388, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.474507, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=131072 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.474675, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 131072, size = 32768, returned 32768 >[2012/08/30 15:27:58.474825, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.475183, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.475439, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.475616, 3] smbd/process.c:1662(process_smb) > Transaction 158 of length 63 (0 toread) >[2012/08/30 15:27:58.475736, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.475917, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15179 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 2 (0x2) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.477449, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.477516, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.477795, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.477920, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.478042, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=163840 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.478183, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 163840, size = 32768, returned 32768 >[2012/08/30 15:27:58.478307, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.478656, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.478788, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.478909, 3] smbd/process.c:1662(process_smb) > Transaction 159 of length 63 (0 toread) >[2012/08/30 15:27:58.479162, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.479225, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15242 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 3 (0x3) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.480901, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.480965, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.481086, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.481225, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.481343, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=196608 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.481507, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 196608, size = 32768, returned 32768 >[2012/08/30 15:27:58.481661, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.482288, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.482583, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.482706, 3] smbd/process.c:1662(process_smb) > Transaction 160 of length 63 (0 toread) >[2012/08/30 15:27:58.482825, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.483006, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15305 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 3 (0x3) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.484563, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.484638, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.484761, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.484885, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.485026, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=229376 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.485182, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 229376, size = 32768, returned 32768 >[2012/08/30 15:27:58.485305, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.485877, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.486026, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.486144, 3] smbd/process.c:1662(process_smb) > Transaction 161 of length 63 (0 toread) >[2012/08/30 15:27:58.486266, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.486327, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15368 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 4 (0x4) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.487876, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.487958, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.488078, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.488348, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.488470, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=262144 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.488618, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 262144, size = 32768, returned 32768 >[2012/08/30 15:27:58.488741, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.489245, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.489380, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.489653, 3] smbd/process.c:1662(process_smb) > Transaction 162 of length 63 (0 toread) >[2012/08/30 15:27:58.489773, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.489834, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15431 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 4 (0x4) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.492743, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.492880, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.493005, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.493129, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.493250, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=294912 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.493407, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 294912, size = 32768, returned 32768 >[2012/08/30 15:27:58.493575, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.494286, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.494423, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.494559, 3] smbd/process.c:1662(process_smb) > Transaction 163 of length 63 (0 toread) >[2012/08/30 15:27:58.494680, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.494742, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15494 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 5 (0x5) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.496325, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.496390, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.496508, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.496632, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.496765, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=327680 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.496913, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 327680, size = 32768, returned 32768 >[2012/08/30 15:27:58.497051, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.498902, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.499082, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.499204, 3] smbd/process.c:1662(process_smb) > Transaction 164 of length 63 (0 toread) >[2012/08/30 15:27:58.499325, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.499390, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15557 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 5 (0x5) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.501021, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.501088, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.501209, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.501333, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.501486, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=360448 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.501643, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 360448, size = 32768, returned 32768 >[2012/08/30 15:27:58.501768, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.503060, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.503240, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.503371, 3] smbd/process.c:1662(process_smb) > Transaction 165 of length 63 (0 toread) >[2012/08/30 15:27:58.503547, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.503618, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15620 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.505153, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.505219, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.505354, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.505477, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.505598, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=393216 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.505757, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 393216, size = 32768, returned 32768 >[2012/08/30 15:27:58.505881, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.506277, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.506415, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.506551, 3] smbd/process.c:1662(process_smb) > Transaction 166 of length 63 (0 toread) >[2012/08/30 15:27:58.506673, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.506739, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15683 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.508541, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.508625, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.508769, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.508912, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.509079, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=425984 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.509262, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 425984, size = 32768, returned 32768 >[2012/08/30 15:27:58.509410, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.510028, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.510199, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.510348, 3] smbd/process.c:1662(process_smb) > Transaction 167 of length 63 (0 toread) >[2012/08/30 15:27:58.510475, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.510537, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15746 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 7 (0x7) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.512187, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.512272, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.512413, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.512551, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.512686, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=458752 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.512858, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 458752, size = 32768, returned 32768 >[2012/08/30 15:27:58.512989, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.518960, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.519154, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.519322, 3] smbd/process.c:1662(process_smb) > Transaction 168 of length 63 (0 toread) >[2012/08/30 15:27:58.519443, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.519560, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15809 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 7 (0x7) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.521258, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.521326, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.521448, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.521616, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.521738, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=491520 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.521907, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 491520, size = 32768, returned 32768 >[2012/08/30 15:27:58.522043, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.523367, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.523604, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.523742, 3] smbd/process.c:1662(process_smb) > Transaction 169 of length 63 (0 toread) >[2012/08/30 15:27:58.523898, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.523960, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15872 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.525563, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.525631, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.525913, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.526052, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.526201, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=524288 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.526369, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 524288, size = 32768, returned 32768 >[2012/08/30 15:27:58.526496, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.526860, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.527117, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.527265, 3] smbd/process.c:1662(process_smb) > Transaction 170 of length 63 (0 toread) >[2012/08/30 15:27:58.527396, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.527463, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=15951 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.529048, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.529152, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.529287, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.529425, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.529560, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=557056 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.529756, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 557056, size = 32768, returned 32768 >[2012/08/30 15:27:58.529888, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.530264, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.530400, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.530641, 3] smbd/process.c:1662(process_smb) > Transaction 171 of length 63 (0 toread) >[2012/08/30 15:27:58.530774, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.530842, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16014 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 9 (0x9) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.532590, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.532658, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.532792, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.532930, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.533065, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=589824 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.533234, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 589824, size = 32768, returned 32768 >[2012/08/30 15:27:58.533389, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.533791, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.533930, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.534168, 3] smbd/process.c:1662(process_smb) > Transaction 172 of length 63 (0 toread) >[2012/08/30 15:27:58.534305, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.534373, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16077 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 9 (0x9) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.536004, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.536070, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.536190, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.536313, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.536447, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=622592 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.536614, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 622592, size = 32768, returned 32768 >[2012/08/30 15:27:58.536744, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.537093, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.537234, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.537642, 3] smbd/process.c:1662(process_smb) > Transaction 173 of length 63 (0 toread) >[2012/08/30 15:27:58.537771, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.537836, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16140 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 10 (0xA) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.539441, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.539559, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.539705, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.539828, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.539965, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=655360 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.540091, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 655360, size = 32768, returned 32768 >[2012/08/30 15:27:58.540336, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.540713, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.540968, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.541128, 3] smbd/process.c:1662(process_smb) > Transaction 174 of length 63 (0 toread) >[2012/08/30 15:27:58.541264, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.541338, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16203 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 10 (0xA) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.542968, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.543047, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.543183, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.543329, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.543465, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=688128 len=32768 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.544491, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 688128, size = 32768, returned 32768 >[2012/08/30 15:27:58.544631, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=32768 nread=32768 >[2012/08/30 15:27:58.545003, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.545153, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.545275, 3] smbd/process.c:1662(process_smb) > Transaction 175 of length 63 (0 toread) >[2012/08/30 15:27:58.545507, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.545588, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16266 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17770 (0x456A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 11 (0xB) > smb_vwv[ 5]= 5120 (0x1400) > smb_vwv[ 6]= 5120 (0x1400) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 5120 (0x1400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.547189, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.547267, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.547396, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.547567, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/ps5ui.dll >[2012/08/30 15:27:58.547709, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=720896 len=5120 unlocked for fnum 17770 file x64/3/ps5ui.dll >[2012/08/30 15:27:58.547869, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/ps5ui.dll): pos = 720896, size = 5120, returned 5120 >[2012/08/30 15:27:58.547999, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17770 max=5120 nread=5120 >[2012/08/30 15:27:58.554725, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.554931, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.555051, 3] smbd/process.c:1662(process_smb) > Transaction 176 of length 122 (0 toread) >[2012/08/30 15:27:58.555169, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.555231, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16330 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:58.556965, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C .c.r.i.p .t...h.l > [0030] 00 70 00 00 00 .p... >[2012/08/30 15:27:58.557299, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.557418, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.557543, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.557671, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.hlp" >[2012/08/30 15:27:58.557793, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/PSCRIPT.HLP] >[2012/08/30 15:27:58.557912, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:58.558047, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/pscript.hlp, dirpath = x64/3, start = pscript.hlp >[2012/08/30 15:27:58.558201, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c04ef90:size 11) X64/3/PSCRIPT.HLP -> x64/3/pscript.hlp >[2012/08/30 15:27:58.558318, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/pscript.hlp -> x64/3/pscript.hlp >[2012/08/30 15:27:58.558437, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] >[2012/08/30 15:27:58.558568, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] >[2012/08/30 15:27:58.558685, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp >[2012/08/30 15:27:58.558849, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript.hlp >[2012/08/30 15:27:58.558968, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.560698, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.560871, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.561028, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.561187, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.561406, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript.hlp, attr = 22 >[2012/08/30 15:27:58.561550, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.561705, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c02d410 now at offset -1 >[2012/08/30 15:27:58.561848, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.562146, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.562284, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.562483, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.562621, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript.hlp] found x64/3/pscript.hlp fname=pscript.hlp (pscript.hlp) >[2012/08/30 15:27:58.562762, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.562898, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.563035, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.563170, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.563314, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:58.563448, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:58.563541, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.563611, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16330 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:58.565352, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ > [0020] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ > [0030] CB E3 86 CD 01 B6 65 00 00 00 00 00 00 00 00 10 ......e. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C 00 70 .r.i.p.t ...h.l.p > [0080] 00 . >[2012/08/30 15:27:58.566176, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript.hlp directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.571090, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.571274, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.571395, 3] smbd/process.c:1662(process_smb) > Transaction 177 of length 122 (0 toread) >[2012/08/30 15:27:58.571560, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.571632, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16394 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:58.573505, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C .c.r.i.p .t...h.l > [0030] 00 70 00 00 00 .p... >[2012/08/30 15:27:58.573864, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.574159, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.574285, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.574414, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.hlp" >[2012/08/30 15:27:58.574537, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] >[2012/08/30 15:27:58.574662, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] >[2012/08/30 15:27:58.574792, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] >[2012/08/30 15:27:58.574909, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp >[2012/08/30 15:27:58.575048, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript.hlp >[2012/08/30 15:27:58.575168, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.575285, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.575412, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.575562, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.575702, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.575819, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript.hlp, attr = 22 >[2012/08/30 15:27:58.575936, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.576064, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c012c20 now at offset -1 >[2012/08/30 15:27:58.576184, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.576303, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.576421, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.576551, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.576669, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript.hlp] found x64/3/pscript.hlp fname=pscript.hlp (pscript.hlp) >[2012/08/30 15:27:58.576792, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.576910, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.577030, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.577165, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.577298, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:58.577416, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:58.577534, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.577595, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16394 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:58.579021, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ > [0020] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ > [0030] CB E3 86 CD 01 B6 65 00 00 00 00 00 00 00 00 10 ......e. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 2E 00 68 00 6C 00 70 .r.i.p.t ...h.l.p > [0080] 00 . >[2012/08/30 15:27:58.579847, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript.hlp directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.581574, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.581733, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.581853, 3] smbd/process.c:1662(process_smb) > Transaction 178 of length 126 (0 toread) >[2012/08/30 15:27:58.582001, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.582063, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16458 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.584304, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 .s.c.r.i .p.t...h > [0020] 00 6C 00 70 00 00 00 .l.p... >[2012/08/30 15:27:58.584588, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.584707, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.584833, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.584959, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.hlp" >[2012/08/30 15:27:58.585082, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] >[2012/08/30 15:27:58.585219, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] >[2012/08/30 15:27:58.585348, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] >[2012/08/30 15:27:58.585465, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp >[2012/08/30 15:27:58.585601, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.585724, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.586027, 5] smbd/files.c:140(file_new) > allocated file structure 13675, fnum = 17771 (5 used) >[2012/08/30 15:27:58.586153, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript.hlp hash 0x5179febe >[2012/08/30 15:27:58.586295, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.hlp) returning 0744 >[2012/08/30 15:27:58.586414, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.hlp, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.586539, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.586657, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.586775, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.586900, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.hlp, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.587026, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.587176, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04f470 >[2012/08/30 15:27:58.587298, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba8:0 >[2012/08/30 15:27:58.587420, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.587582, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.587720, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04f6b0 >[2012/08/30 15:27:58.587845, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.hlp >[2012/08/30 15:27:58.587969, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.588097, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript.hlp, flags = 00 mode = 0744, fd = 39. >[2012/08/30 15:27:58.588216, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) >[2012/08/30 15:27:58.588352, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153917 >[2012/08/30 15:27:58.588479, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript.hlp, 801:23ba8:0/1302153917, tv_sec = 503fbebe, tv_usec = 8f129 >[2012/08/30 15:27:58.588604, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.588750, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.588874, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.589000, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.589120, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.589239, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.589357, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.589477, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.589601, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.589736, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.589906, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript.hlp >[2012/08/30 15:27:58.590024, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17771, open name = x64/3/pscript.hlp >[2012/08/30 15:27:58.590648, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.590786, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.590905, 3] smbd/process.c:1662(process_smb) > Transaction 179 of length 76 (0 toread) >[2012/08/30 15:27:58.591025, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.591087, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16522 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.592992, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6B 45 EE 03 ...kE.. >[2012/08/30 15:27:58.593135, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.593272, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.593394, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:58.593525, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.593675, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.593794, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:27:58.593940, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17771) level=1006 call=7 total_data=0 >[2012/08/30 15:27:58.594083, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17771) level=1006 max_data=8 >[2012/08/30 15:27:58.594211, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.594329, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.594449, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.594571, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:58.594690, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:58.594810, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:58.594927, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.594989, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16522 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:58.596408, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 A8 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:58.597743, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.597893, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.598015, 3] smbd/process.c:1662(process_smb) > Transaction 180 of length 63 (0 toread) >[2012/08/30 15:27:58.598133, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.598194, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16586 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17771 (0x456B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.599722, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.599786, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.599908, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.600031, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.hlp >[2012/08/30 15:27:58.600150, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17771 file x64/3/pscript.hlp >[2012/08/30 15:27:58.600285, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.hlp): pos = 0, size = 4096, returned 4096 >[2012/08/30 15:27:58.600411, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17771 max=4096 nread=4096 >[2012/08/30 15:27:58.603542, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.603731, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.603917, 3] smbd/process.c:1662(process_smb) > Transaction 181 of length 45 (0 toread) >[2012/08/30 15:27:58.604049, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.604112, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16650 > smt_wct=3 > smb_vwv[ 0]=17771 (0x456B) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.605095, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.605164, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.606134, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.606272, 3] smbd/reply.c:4848(reply_close) > close fd=39 fnum=17771 (numopen=4) >[2012/08/30 15:27:58.606414, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.606551, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153917 has kernel oplock state of 1. >[2012/08/30 15:27:58.606692, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.606824, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c050f70 >[2012/08/30 15:27:58.606942, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.607085, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x404a, type= 0x3, gen_id = 1302153917, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.607251, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:27:58.607373, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.607531, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript.hlp = 0 >[2012/08/30 15:27:58.607663, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript.hlp >[2012/08/30 15:27:58.607793, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript.hlp (numopen=3) NT_STATUS_OK >[2012/08/30 15:27:58.607920, 5] smbd/files.c:482(file_free) > freed files structure 17771 (4 used) >[2012/08/30 15:27:58.608044, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.608106, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16650 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.608890, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.611411, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.611661, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.611815, 3] smbd/process.c:1662(process_smb) > Transaction 182 of length 126 (0 toread) >[2012/08/30 15:27:58.611944, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.612008, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16714 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.614965, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 .s.c.r.i .p.t...h > [0020] 00 6C 00 70 00 00 00 .l.p... >[2012/08/30 15:27:58.615337, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.615477, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.616414, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.616562, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.hlp" >[2012/08/30 15:27:58.616691, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] >[2012/08/30 15:27:58.616835, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] >[2012/08/30 15:27:58.617001, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] >[2012/08/30 15:27:58.617124, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp >[2012/08/30 15:27:58.617247, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.617406, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.617535, 5] smbd/files.c:140(file_new) > allocated file structure 13676, fnum = 17772 (5 used) >[2012/08/30 15:27:58.617690, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript.hlp hash 0x5179febe >[2012/08/30 15:27:58.617846, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.hlp) returning 0744 >[2012/08/30 15:27:58.617970, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.hlp, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.618110, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.618258, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.618409, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.620273, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.hlp, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.620454, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.620637, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04f470 >[2012/08/30 15:27:58.620815, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba8:0 >[2012/08/30 15:27:58.620975, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.621161, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.621334, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04f6b0 >[2012/08/30 15:27:58.621487, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.hlp >[2012/08/30 15:27:58.621679, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.622020, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript.hlp, flags = 00 mode = 0744, fd = 39. >[2012/08/30 15:27:58.622170, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) >[2012/08/30 15:27:58.622331, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153918 >[2012/08/30 15:27:58.622499, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript.hlp, 801:23ba8:0/1302153918, tv_sec = 503fbebe, tv_usec = 96c3d >[2012/08/30 15:27:58.622664, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.622858, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x414a, type= 0x3, gen_id = 1302153918, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.623036, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.623314, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.623461, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.623556, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.623721, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.623860, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.623990, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.624147, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x414a, type= 0x3, gen_id = 1302153918, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.624294, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript.hlp >[2012/08/30 15:27:58.624456, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17772, open name = x64/3/pscript.hlp >[2012/08/30 15:27:58.626894, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.627181, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.627309, 3] smbd/process.c:1662(process_smb) > Transaction 183 of length 45 (0 toread) >[2012/08/30 15:27:58.627475, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.627619, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16778 > smt_wct=3 > smb_vwv[ 0]=17772 (0x456C) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.628795, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.628880, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.629005, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.629131, 3] smbd/reply.c:4848(reply_close) > close fd=39 fnum=17772 (numopen=4) >[2012/08/30 15:27:58.629309, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.629474, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153918 has kernel oplock state of 1. >[2012/08/30 15:27:58.629619, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.629752, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c050f70 >[2012/08/30 15:27:58.629914, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.630099, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x414a, type= 0x3, gen_id = 1302153918, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.630264, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:27:58.630397, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.630568, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript.hlp = 0 >[2012/08/30 15:27:58.630753, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript.hlp >[2012/08/30 15:27:58.630885, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript.hlp (numopen=3) NT_STATUS_OK >[2012/08/30 15:27:58.631010, 5] smbd/files.c:482(file_free) > freed files structure 17772 (4 used) >[2012/08/30 15:27:58.631150, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.631239, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=16778 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.632221, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.633648, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.633911, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.634332, 3] smbd/process.c:1662(process_smb) > Transaction 184 of length 126 (0 toread) >[2012/08/30 15:27:58.634472, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.634588, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16842 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.637145, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 68 .s.c.r.i .p.t...h > [0020] 00 6C 00 70 00 00 00 .l.p... >[2012/08/30 15:27:58.637498, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.637639, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.637773, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.637901, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.hlp" >[2012/08/30 15:27:58.638059, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.HLP] -> [x64/3/pscript.hlp] >[2012/08/30 15:27:58.638222, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.hlp] [/var/lib/samba/printers] >[2012/08/30 15:27:58.638371, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.hlp] -> [/var/lib/samba/printers/x64/3/pscript.hlp] >[2012/08/30 15:27:58.638533, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.hlp reduced to /var/lib/samba/printers/x64/3/pscript.hlp >[2012/08/30 15:27:58.638672, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.638824, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.hlp >[2012/08/30 15:27:58.638959, 5] smbd/files.c:140(file_new) > allocated file structure 13677, fnum = 17773 (5 used) >[2012/08/30 15:27:58.639101, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript.hlp hash 0x5179febe >[2012/08/30 15:27:58.639226, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.hlp) returning 0744 >[2012/08/30 15:27:58.639366, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.hlp, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.639530, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.639677, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.639831, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.640080, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.hlp, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.640226, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.640368, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04f470 >[2012/08/30 15:27:58.640497, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba8:0 >[2012/08/30 15:27:58.640622, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.640773, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:27:58.640940, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04f6b0 >[2012/08/30 15:27:58.641100, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.hlp >[2012/08/30 15:27:58.641223, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.641370, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript.hlp, flags = 00 mode = 0744, fd = 39. >[2012/08/30 15:27:58.641494, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript.hlp read=Yes write=No (numopen=4) >[2012/08/30 15:27:58.641639, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153919 >[2012/08/30 15:27:58.641766, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript.hlp, 801:23ba8:0/1302153919, tv_sec = 503fbebe, tv_usec = 9bfed >[2012/08/30 15:27:58.641909, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.642090, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.642255, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:27:58.642433, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.642570, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.642693, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.642859, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.642996, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.643153, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.643337, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.643484, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript.hlp >[2012/08/30 15:27:58.643621, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17773, open name = x64/3/pscript.hlp >[2012/08/30 15:27:58.644576, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:58.644758, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:58.644915, 3] smbd/process.c:1662(process_smb) > Transaction 185 of length 90 (0 toread) >[2012/08/30 15:27:58.645062, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.645140, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16906 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17773 (0x456D) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:58.647842, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:58.647988, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.648112, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.648266, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:58.648408, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:58.648548, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 6D 45 01 00 ....mE.. >[2012/08/30 15:27:58.648708, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x456D] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:58.648873, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:58.649018, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.649107, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16906 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.650033, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.650620, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.650784, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.650931, 3] smbd/process.c:1662(process_smb) > Transaction 186 of length 76 (0 toread) >[2012/08/30 15:27:58.651059, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.651149, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16970 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.653106, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6D 45 ED 03 ...mE.. >[2012/08/30 15:27:58.653289, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.653443, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.653598, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:58.653856, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.654044, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.654208, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:27:58.654376, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1005 call=7 total_data=0 >[2012/08/30 15:27:58.654506, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1005 max_data=24 >[2012/08/30 15:27:58.654644, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.654797, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.654935, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.655063, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:58.655187, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:58.655326, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:58.655472, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.655559, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=16970 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:58.657220, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 B6 65 00 ........ ......e. > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:58.658073, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.658222, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.658389, 3] smbd/process.c:1662(process_smb) > Transaction 187 of length 76 (0 toread) >[2012/08/30 15:27:58.658512, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.658575, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17034 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.660494, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6D 45 EC 03 ...mE.. >[2012/08/30 15:27:58.660628, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.660775, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.660906, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.661053, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.661211, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.661350, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:27:58.661503, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.661628, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1004 max_data=40 >[2012/08/30 15:27:58.661779, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.661961, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.662101, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.662255, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.662415, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:58.662864, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.662987, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.663133, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.663211, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17034 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.664822, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ > [0010] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ > [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:58.666094, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.666278, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.666403, 3] smbd/process.c:1662(process_smb) > Transaction 188 of length 76 (0 toread) >[2012/08/30 15:27:58.666550, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.666629, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17098 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.668592, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6D 45 FE 03 ...mE.. >[2012/08/30 15:27:58.668744, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.668882, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.669009, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:58.669302, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.669486, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.669613, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:27:58.669905, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1022 call=7 total_data=0 >[2012/08/30 15:27:58.670047, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1022 max_data=4094 >[2012/08/30 15:27:58.670189, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.670327, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.670464, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.670592, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:58.670751, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:58.670889, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:58.671012, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.671099, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17098 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:58.672677, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 B6 65 00 ........ ......e. > [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:58.674091, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.674314, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.674455, 3] smbd/process.c:1662(process_smb) > Transaction 189 of length 76 (0 toread) >[2012/08/30 15:27:58.674610, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.674675, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17162 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.676783, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6D 45 EC 03 ...mE.. >[2012/08/30 15:27:58.676936, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.677069, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.677202, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.677345, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.677521, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:27:58.677719, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:27:58.677849, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.hlp (fnum = 17773) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.677989, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.hlp (fnum = 17773) level=1004 max_data=40 >[2012/08/30 15:27:58.678113, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.hlp >[2012/08/30 15:27:58.678281, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.678406, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.678548, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.678689, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:58.679118, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.679260, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.679413, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.679477, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17162 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.681189, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 FE CA D0 CB E3 86 CD 01 11 9C 2E ........ ........ > [0010] D9 E3 86 CD 01 FE CA D0 CB E3 86 CD 01 FE CA D0 ........ ........ > [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:58.683364, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:58.683680, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:58.683823, 3] smbd/process.c:1662(process_smb) > Transaction 190 of length 74 (0 toread) >[2012/08/30 15:27:58.683962, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.684026, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17226 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:58.686419, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:58.686596, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.686741, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.686923, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:58.687082, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:58.687232, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:58.687396, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:58.687566, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.687639, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17226 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:58.689399, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:58.689779, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:58.691384, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.691587, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.691741, 3] smbd/process.c:1662(process_smb) > Transaction 191 of length 63 (0 toread) >[2012/08/30 15:27:58.691956, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.692036, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=17290 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17773 (0x456D) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=26038 (0x65B6) > smb_vwv[ 6]=26038 (0x65B6) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=26038 (0x65B6) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.694243, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.694338, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.694466, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.694629, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.hlp >[2012/08/30 15:27:58.694757, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=26038 unlocked for fnum 17773 file x64/3/pscript.hlp >[2012/08/30 15:27:58.694944, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.hlp): pos = 0, size = 26038, returned 26038 >[2012/08/30 15:27:58.695079, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17773 max=26038 nread=26038 >[2012/08/30 15:27:58.703731, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.703951, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.704074, 3] smbd/process.c:1662(process_smb) > Transaction 192 of length 122 (0 toread) >[2012/08/30 15:27:58.704205, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.704273, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17354 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:58.705996, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 .c.r.i.p .t...n.t > [0030] 00 66 00 00 00 .f... >[2012/08/30 15:27:58.706521, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.706644, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.706789, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.706954, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.ntf" >[2012/08/30 15:27:58.707083, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/PSCRIPT.NTF] >[2012/08/30 15:27:58.707204, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:58.707330, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/pscript.ntf, dirpath = x64/3, start = pscript.ntf >[2012/08/30 15:27:58.707575, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c051000:size 11) X64/3/PSCRIPT.NTF -> x64/3/pscript.ntf >[2012/08/30 15:27:58.707706, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/pscript.ntf -> x64/3/pscript.ntf >[2012/08/30 15:27:58.707841, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] >[2012/08/30 15:27:58.707974, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] >[2012/08/30 15:27:58.708094, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf >[2012/08/30 15:27:58.708231, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript.ntf >[2012/08/30 15:27:58.708618, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.708743, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.709392, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.709594, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.709751, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.709876, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript.ntf, attr = 22 >[2012/08/30 15:27:58.710001, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.710189, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c02dd90 now at offset -1 >[2012/08/30 15:27:58.710314, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.710436, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.710575, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.710759, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.710884, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript.ntf] found x64/3/pscript.ntf fname=pscript.ntf (pscript.ntf) >[2012/08/30 15:27:58.711016, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.711138, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.711298, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.711434, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.711648, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:58.711787, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:58.711908, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.711970, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17354 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:58.713706, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 > [0020] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. > [0030] CB E3 86 CD 01 C4 2E 10 00 00 00 00 00 00 00 20 ........ ....... > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 00 66 .r.i.p.t ...n.t.f > [0080] 00 . >[2012/08/30 15:27:58.719339, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript.ntf directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.720380, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:58.720566, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:58.720718, 3] smbd/process.c:1662(process_smb) > Transaction 193 of length 122 (0 toread) >[2012/08/30 15:27:58.720878, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.720966, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17418 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:58.722840, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 00 73 .x.6.4.\ .3.\.p.s > [0020] 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 .c.r.i.p .t...n.t > [0030] 00 66 00 00 00 .f... >[2012/08/30 15:27:58.723214, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.723361, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.723506, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:58.723666, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.ntf" >[2012/08/30 15:27:58.723882, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] >[2012/08/30 15:27:58.724011, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] >[2012/08/30 15:27:58.724143, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] >[2012/08/30 15:27:58.724263, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf >[2012/08/30 15:27:58.724398, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = pscript.ntf >[2012/08/30 15:27:58.724537, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:58.724712, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:58.724851, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:58.724992, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:58.725137, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:58.725257, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = pscript.ntf, attr = 22 >[2012/08/30 15:27:58.725404, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:58.725541, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c028850 now at offset -1 >[2012/08/30 15:27:58.725678, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.725799, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.725937, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.726082, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:58.726217, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[pscript.ntf] found x64/3/pscript.ntf fname=pscript.ntf (pscript.ntf) >[2012/08/30 15:27:58.726356, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:58.726503, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:58.726632, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:58.726761, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:58.726920, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:58.727044, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:58.727207, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.727271, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17418 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:58.728973, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 > [0020] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. > [0030] CB E3 86 CD 01 C4 2E 10 00 00 00 00 00 00 00 20 ........ ....... > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 70 00 73 00 63 ........ ...p.s.c > [0070] 00 72 00 69 00 70 00 74 00 2E 00 6E 00 74 00 66 .r.i.p.t ...n.t.f > [0080] 00 . >[2012/08/30 15:27:58.730091, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=pscript.ntf directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:58.732339, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.732549, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.732693, 3] smbd/process.c:1662(process_smb) > Transaction 194 of length 126 (0 toread) >[2012/08/30 15:27:58.732828, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.732907, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17482 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.735390, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E .s.c.r.i .p.t...n > [0020] 00 74 00 66 00 00 00 .t.f... >[2012/08/30 15:27:58.735693, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.735831, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.735972, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.736130, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.ntf" >[2012/08/30 15:27:58.736279, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] >[2012/08/30 15:27:58.736407, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] >[2012/08/30 15:27:58.736571, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] >[2012/08/30 15:27:58.736692, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf >[2012/08/30 15:27:58.736814, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.736939, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.737083, 5] smbd/files.c:140(file_new) > allocated file structure 13678, fnum = 17774 (6 used) >[2012/08/30 15:27:58.737209, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript.ntf hash 0x7d40e663 >[2012/08/30 15:27:58.737332, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.ntf) returning 0744 >[2012/08/30 15:27:58.737468, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.ntf, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.737592, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.737729, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.737873, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.737995, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.ntf, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.738130, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.738304, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0514e0 >[2012/08/30 15:27:58.738425, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba9:0 >[2012/08/30 15:27:58.738590, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.738746, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.738887, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c051720 >[2012/08/30 15:27:58.739034, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.ntf >[2012/08/30 15:27:58.739213, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.739359, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript.ntf, flags = 00 mode = 0744, fd = 40. >[2012/08/30 15:27:58.739488, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) >[2012/08/30 15:27:58.739689, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153920 >[2012/08/30 15:27:58.739835, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript.ntf, 801:23ba9:0/1302153920, tv_sec = 503fbebe, tv_usec = b3f39 >[2012/08/30 15:27:58.739967, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.740120, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.740249, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.740536, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.740668, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.740813, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.740951, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.741075, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.741208, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.741351, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.741504, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript.ntf >[2012/08/30 15:27:58.741659, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17774, open name = x64/3/pscript.ntf >[2012/08/30 15:27:58.743172, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.743383, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.743589, 3] smbd/process.c:1662(process_smb) > Transaction 195 of length 76 (0 toread) >[2012/08/30 15:27:58.743740, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.743814, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17546 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.746046, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 6E 45 EE 03 ...nE.. >[2012/08/30 15:27:58.746244, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.746410, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.746573, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:58.747264, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.747477, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.747653, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:27:58.747803, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17774) level=1006 call=7 total_data=0 >[2012/08/30 15:27:58.747943, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17774) level=1006 max_data=8 >[2012/08/30 15:27:58.748124, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.748280, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.748404, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.748546, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:58.748709, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:58.748838, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:58.749328, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.749411, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17546 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:58.751250, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 A9 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:58.753260, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.753454, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.753597, 3] smbd/process.c:1662(process_smb) > Transaction 196 of length 63 (0 toread) >[2012/08/30 15:27:58.753748, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.753828, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=17610 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17774 (0x456E) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.755783, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.755857, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.755981, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.756109, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.756233, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17774 file x64/3/pscript.ntf >[2012/08/30 15:27:58.756387, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 0, size = 4096, returned 4096 >[2012/08/30 15:27:58.756527, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17774 max=4096 nread=4096 >[2012/08/30 15:27:58.760461, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.760715, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.760863, 3] smbd/process.c:1662(process_smb) > Transaction 197 of length 45 (0 toread) >[2012/08/30 15:27:58.760993, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.761055, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=17674 > smt_wct=3 > smb_vwv[ 0]=17774 (0x456E) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.762243, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.762329, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.762475, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.762633, 3] smbd/reply.c:4848(reply_close) > close fd=40 fnum=17774 (numopen=5) >[2012/08/30 15:27:58.762779, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.762926, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153920 has kernel oplock state of 1. >[2012/08/30 15:27:58.763070, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.763216, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c052fe0 >[2012/08/30 15:27:58.763367, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.763591, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x444a, type= 0x3, gen_id = 1302153920, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.763730, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:27:58.763876, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.764021, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript.ntf = 0 >[2012/08/30 15:27:58.764147, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript.ntf >[2012/08/30 15:27:58.764305, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript.ntf (numopen=4) NT_STATUS_OK >[2012/08/30 15:27:58.764430, 5] smbd/files.c:482(file_free) > freed files structure 17774 (5 used) >[2012/08/30 15:27:58.764570, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.764642, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=17674 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.765619, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.766622, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.766801, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.766925, 3] smbd/process.c:1662(process_smb) > Transaction 198 of length 126 (0 toread) >[2012/08/30 15:27:58.767070, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.767139, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17738 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.769645, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E .s.c.r.i .p.t...n > [0020] 00 74 00 66 00 00 00 .t.f... >[2012/08/30 15:27:58.769992, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.770158, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.770296, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.770444, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.ntf" >[2012/08/30 15:27:58.770586, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] >[2012/08/30 15:27:58.770730, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] >[2012/08/30 15:27:58.770879, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] >[2012/08/30 15:27:58.771001, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf >[2012/08/30 15:27:58.771123, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.771280, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.771436, 5] smbd/files.c:140(file_new) > allocated file structure 13679, fnum = 17775 (6 used) >[2012/08/30 15:27:58.771638, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript.ntf hash 0x7d40e663 >[2012/08/30 15:27:58.771778, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.ntf) returning 0744 >[2012/08/30 15:27:58.771916, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.ntf, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.772052, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.772194, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.772318, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.772456, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.ntf, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.772600, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.772731, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0514e0 >[2012/08/30 15:27:58.772852, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba9:0 >[2012/08/30 15:27:58.772992, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.773158, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.773306, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c051720 >[2012/08/30 15:27:58.773463, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.ntf >[2012/08/30 15:27:58.773601, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.773743, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript.ntf, flags = 00 mode = 0744, fd = 40. >[2012/08/30 15:27:58.773880, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) >[2012/08/30 15:27:58.774023, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153921 >[2012/08/30 15:27:58.774157, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript.ntf, 801:23ba9:0/1302153921, tv_sec = 503fbebe, tv_usec = bc56a >[2012/08/30 15:27:58.774300, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.774455, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x454a, type= 0x3, gen_id = 1302153921, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.774581, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.774739, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.774875, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.774999, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.775149, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.775286, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.775414, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.775564, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x454a, type= 0x3, gen_id = 1302153921, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.775706, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript.ntf >[2012/08/30 15:27:58.775838, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17775, open name = x64/3/pscript.ntf >[2012/08/30 15:27:58.776871, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:58.777053, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:58.777190, 3] smbd/process.c:1662(process_smb) > Transaction 199 of length 45 (0 toread) >[2012/08/30 15:27:58.777314, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.777387, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=17802 > smt_wct=3 > smb_vwv[ 0]=17775 (0x456F) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:58.778689, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.778755, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.778900, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.779028, 3] smbd/reply.c:4848(reply_close) > close fd=40 fnum=17775 (numopen=5) >[2012/08/30 15:27:58.779192, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:58.779354, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153921 has kernel oplock state of 1. >[2012/08/30 15:27:58.779561, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.779713, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c052fe0 >[2012/08/30 15:27:58.779836, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.779985, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x454a, type= 0x3, gen_id = 1302153921, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.780135, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:27:58.780290, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.780441, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript.ntf = 0 >[2012/08/30 15:27:58.780566, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript.ntf >[2012/08/30 15:27:58.780723, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript.ntf (numopen=4) NT_STATUS_OK >[2012/08/30 15:27:58.780848, 5] smbd/files.c:482(file_free) > freed files structure 17775 (5 used) >[2012/08/30 15:27:58.780988, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.781061, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=17802 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.782157, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.782347, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:58.782511, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:58.782632, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:58.783017, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:58.783186, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:58.783329, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:58.783454, 3] smbd/process.c:1662(process_smb) > Transaction 200 of length 126 (0 toread) >[2012/08/30 15:27:58.783636, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.783726, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17866 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:58.786421, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 70 .\.x.6.4 .\.3.\.p > [0010] 00 73 00 63 00 72 00 69 00 70 00 74 00 2E 00 6E .s.c.r.i .p.t...n > [0020] 00 74 00 66 00 00 00 .t.f... >[2012/08/30 15:27:58.786732, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.786881, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:58.787007, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:58.790580, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:58.791090, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:58.791238, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.791381, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/pscript.ntf" >[2012/08/30 15:27:58.791573, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/PSCRIPT.NTF] -> [x64/3/pscript.ntf] >[2012/08/30 15:27:58.791715, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/pscript.ntf] [/var/lib/samba/printers] >[2012/08/30 15:27:58.791881, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/pscript.ntf] -> [/var/lib/samba/printers/x64/3/pscript.ntf] >[2012/08/30 15:27:58.792145, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/pscript.ntf reduced to /var/lib/samba/printers/x64/3/pscript.ntf >[2012/08/30 15:27:58.792286, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.792429, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/pscript.ntf >[2012/08/30 15:27:58.792603, 5] smbd/files.c:140(file_new) > allocated file structure 13680, fnum = 17776 (6 used) >[2012/08/30 15:27:58.792760, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/pscript.ntf hash 0x7d40e663 >[2012/08/30 15:27:58.792899, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/pscript.ntf) returning 0744 >[2012/08/30 15:27:58.793038, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.ntf, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:58.793189, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.793329, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.793467, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.793593, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/pscript.ntf, after mapping access_mask=0x20089 >[2012/08/30 15:27:58.793786, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.793938, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c051540 >[2012/08/30 15:27:58.794135, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23ba9:0 >[2012/08/30 15:27:58.794270, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.794422, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:27:58.794550, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c051780 >[2012/08/30 15:27:58.794689, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/pscript.ntf >[2012/08/30 15:27:58.794826, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:58.794982, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/pscript.ntf, flags = 00 mode = 0744, fd = 40. >[2012/08/30 15:27:58.795113, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/pscript.ntf read=Yes write=No (numopen=5) >[2012/08/30 15:27:58.795239, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153922 >[2012/08/30 15:27:58.795405, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/pscript.ntf, 801:23ba9:0/1302153922, tv_sec = 503fbebe, tv_usec = c181a >[2012/08/30 15:27:58.795581, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:58.795742, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.795884, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:27:58.796053, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:58.796196, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:58.796317, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.796455, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.796592, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.796764, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.796919, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.797065, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/pscript.ntf >[2012/08/30 15:27:58.797196, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17776, open name = x64/3/pscript.ntf >[2012/08/30 15:27:58.798517, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:58.798686, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:58.798810, 3] smbd/process.c:1662(process_smb) > Transaction 201 of length 90 (0 toread) >[2012/08/30 15:27:58.798957, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.799040, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17930 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17776 (0x4570) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:58.801419, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:58.801736, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.801880, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.802020, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:58.802154, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:58.802279, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 70 45 01 00 ....pE.. >[2012/08/30 15:27:58.802436, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x4570] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:58.802575, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:58.802704, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.802783, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17930 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:58.803748, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.804339, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.804474, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.804594, 3] smbd/process.c:1662(process_smb) > Transaction 202 of length 76 (0 toread) >[2012/08/30 15:27:58.804730, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.804808, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17994 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.806771, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 70 45 ED 03 ...pE.. >[2012/08/30 15:27:58.806935, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.807065, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.807215, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:58.807384, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.807563, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.807729, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:27:58.807873, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1005 call=7 total_data=0 >[2012/08/30 15:27:58.807998, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1005 max_data=24 >[2012/08/30 15:27:58.808136, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.808287, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.808408, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.808550, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:58.808705, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:58.808826, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:58.808979, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.809042, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=17994 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:58.810655, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 20 00 00 00 00 00 C4 2E 10 ....... ........ > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:58.812851, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.813097, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.813225, 3] smbd/process.c:1662(process_smb) > Transaction 203 of length 76 (0 toread) >[2012/08/30 15:27:58.813366, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.813449, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18058 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.815564, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 70 45 EC 03 ...pE.. >[2012/08/30 15:27:58.815743, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.815869, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.815997, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.816182, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.816327, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.816492, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:27:58.816659, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.816790, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1004 max_data=40 >[2012/08/30 15:27:58.816928, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.817069, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.817200, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.817347, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.817469, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:58.818033, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.818163, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.818314, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.818394, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18058 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.820091, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 > [0010] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. > [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:58.821568, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.821726, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.821869, 3] smbd/process.c:1662(process_smb) > Transaction 204 of length 76 (0 toread) >[2012/08/30 15:27:58.822020, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.822084, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18122 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.824084, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 70 45 FE 03 ...pE.. >[2012/08/30 15:27:58.824240, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.824399, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.824542, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:58.824722, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.824865, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.824990, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:27:58.825137, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1022 call=7 total_data=0 >[2012/08/30 15:27:58.825268, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1022 max_data=4094 >[2012/08/30 15:27:58.825563, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.825709, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.825876, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.826010, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:58.826153, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:58.826306, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:58.826429, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.826493, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18122 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:58.828207, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 C4 2E 10 ........ ........ > [0010] 00 00 00 00 00 00 00 20 00 00 00 00 00 3A 00 3A ....... .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:58.828999, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:58.829150, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:58.829274, 3] smbd/process.c:1662(process_smb) > Transaction 205 of length 76 (0 toread) >[2012/08/30 15:27:58.829445, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.829516, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18186 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:58.831432, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 70 45 EC 03 ...pE.. >[2012/08/30 15:27:58.831625, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.831755, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.831932, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:58.832068, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:58.832241, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:27:58.832366, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:27:58.832490, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/pscript.ntf (fnum = 17776) level=1004 call=7 total_data=0 >[2012/08/30 15:27:58.832644, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/pscript.ntf (fnum = 17776) level=1004 max_data=40 >[2012/08/30 15:27:58.832768, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/pscript.ntf >[2012/08/30 15:27:58.832918, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:58.833066, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:58.833213, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:58.833395, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:58.833875, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:58.834865, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:58.835019, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.835083, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18186 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:58.836709, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 42 5E D7 CB E3 86 CD 01 B1 C3 37 .....B^. .......7 > [0010] D9 E3 86 CD 01 42 5E D7 CB E3 86 CD 01 42 5E D7 .....B^. .....B^. > [0020] CB E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:58.838313, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:58.838534, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:58.838674, 3] smbd/process.c:1662(process_smb) > Transaction 206 of length 74 (0 toread) >[2012/08/30 15:27:58.838798, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.838880, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18250 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:58.841188, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:58.841369, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.841501, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.841674, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:58.841818, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:58.841969, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:58.842138, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:58.842268, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.842332, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=18250 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:58.844119, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:58.844460, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:58.845311, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.845753, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.846013, 3] smbd/process.c:1662(process_smb) > Transaction 207 of length 63 (0 toread) >[2012/08/30 15:27:58.846286, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.846471, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18314 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.850041, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.850141, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.850271, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.850451, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.850577, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.850740, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 0, size = 32768, returned 32768 >[2012/08/30 15:27:58.850872, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.851273, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.851429, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.851718, 3] smbd/process.c:1662(process_smb) > Transaction 208 of length 63 (0 toread) >[2012/08/30 15:27:58.851839, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.851904, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18379 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.853574, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.853645, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.853782, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.853906, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.854060, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=32768 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.854221, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 32768, size = 32768, returned 32768 >[2012/08/30 15:27:58.854343, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.854712, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.854839, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.855094, 3] smbd/process.c:1662(process_smb) > Transaction 209 of length 63 (0 toread) >[2012/08/30 15:27:58.855230, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.855293, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18444 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.856909, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.856973, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.857095, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.857232, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.857350, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=65536 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.857492, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 65536, size = 32768, returned 32768 >[2012/08/30 15:27:58.857623, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.857972, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.858100, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.858393, 3] smbd/process.c:1662(process_smb) > Transaction 210 of length 63 (0 toread) >[2012/08/30 15:27:58.858530, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.858707, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18509 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 1 (0x1) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.860521, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.860587, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.860730, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.860852, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.860987, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=98304 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.861144, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 98304, size = 32768, returned 32768 >[2012/08/30 15:27:58.861265, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.861625, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.861766, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.862173, 3] smbd/process.c:1662(process_smb) > Transaction 211 of length 63 (0 toread) >[2012/08/30 15:27:58.862297, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.862359, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18574 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 2 (0x2) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.864021, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.864103, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.864222, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.864346, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.864476, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=131072 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.864623, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 131072, size = 32768, returned 32768 >[2012/08/30 15:27:58.864747, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.865113, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.865359, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.865628, 3] smbd/process.c:1662(process_smb) > Transaction 212 of length 63 (0 toread) >[2012/08/30 15:27:58.865885, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.865957, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18639 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 2 (0x2) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.867520, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.867593, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.867712, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.867851, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.867972, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=163840 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.868137, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 163840, size = 32768, returned 32768 >[2012/08/30 15:27:58.868396, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.868793, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.868928, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.869049, 3] smbd/process.c:1662(process_smb) > Transaction 213 of length 63 (0 toread) >[2012/08/30 15:27:58.869295, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.869370, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18688 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 3 (0x3) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.871156, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.871234, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.871355, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.871496, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.871698, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=196608 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.871855, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 196608, size = 32768, returned 32768 >[2012/08/30 15:27:58.871985, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.872363, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.872493, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.872612, 3] smbd/process.c:1662(process_smb) > Transaction 214 of length 63 (0 toread) >[2012/08/30 15:27:58.872750, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.872812, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18753 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 3 (0x3) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.874552, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.874629, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.874748, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.874890, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.875011, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=229376 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.875176, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 229376, size = 32768, returned 32768 >[2012/08/30 15:27:58.875302, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.876749, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.876940, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.877183, 3] smbd/process.c:1662(process_smb) > Transaction 215 of length 63 (0 toread) >[2012/08/30 15:27:58.877319, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.877382, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18818 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 4 (0x4) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.879296, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.879366, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.880372, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.880538, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.880669, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=262144 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.880822, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 262144, size = 32768, returned 32768 >[2012/08/30 15:27:58.880960, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.881727, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.881874, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.881995, 3] smbd/process.c:1662(process_smb) > Transaction 216 of length 63 (0 toread) >[2012/08/30 15:27:58.882144, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.882208, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18883 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 4 (0x4) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.888217, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.888293, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.888543, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.888679, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.888816, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=294912 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.888965, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 294912, size = 32768, returned 32768 >[2012/08/30 15:27:58.889087, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.889611, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.889922, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.890067, 3] smbd/process.c:1662(process_smb) > Transaction 217 of length 63 (0 toread) >[2012/08/30 15:27:58.890198, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.890266, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=18948 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 5 (0x5) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.893001, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.893088, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.893258, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.893387, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.893530, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=327680 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.893704, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 327680, size = 32768, returned 32768 >[2012/08/30 15:27:58.893831, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.894704, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.894873, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.894993, 3] smbd/process.c:1662(process_smb) > Transaction 218 of length 63 (0 toread) >[2012/08/30 15:27:58.895115, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.895177, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19013 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 5 (0x5) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.896712, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.896776, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.896912, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.897034, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.897156, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=360448 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.897301, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 360448, size = 32768, returned 32768 >[2012/08/30 15:27:58.897576, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.901259, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.901467, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.901601, 3] smbd/process.c:1662(process_smb) > Transaction 219 of length 63 (0 toread) >[2012/08/30 15:27:58.901737, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.901799, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19078 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.903353, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.903427, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.903647, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.903889, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.904013, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=393216 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.904168, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 393216, size = 32768, returned 32768 >[2012/08/30 15:27:58.904296, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.905104, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.905265, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.906239, 3] smbd/process.c:1662(process_smb) > Transaction 220 of length 63 (0 toread) >[2012/08/30 15:27:58.906615, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.906687, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19143 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 6 (0x6) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.908387, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.908457, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.908619, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.908762, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.909137, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=425984 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.909352, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 425984, size = 32768, returned 32768 >[2012/08/30 15:27:58.909502, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.909911, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.910250, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.910399, 3] smbd/process.c:1662(process_smb) > Transaction 221 of length 63 (0 toread) >[2012/08/30 15:27:58.910531, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.910596, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19208 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 7 (0x7) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.914650, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.914752, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.914918, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.915079, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.915229, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=458752 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.915416, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 458752, size = 32768, returned 32768 >[2012/08/30 15:27:58.915577, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.916245, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.916411, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.916552, 3] smbd/process.c:1662(process_smb) > Transaction 222 of length 63 (0 toread) >[2012/08/30 15:27:58.916691, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.916757, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19273 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 7 (0x7) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.918795, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.918865, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.918990, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.919119, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.919240, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=491520 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.919428, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 491520, size = 32768, returned 32768 >[2012/08/30 15:27:58.919621, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.921426, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.921593, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.921731, 3] smbd/process.c:1662(process_smb) > Transaction 223 of length 63 (0 toread) >[2012/08/30 15:27:58.921855, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.922078, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19338 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.923818, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.923903, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.924024, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.924168, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.924335, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=524288 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.924490, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 524288, size = 32768, returned 32768 >[2012/08/30 15:27:58.924626, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.925004, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.925167, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.925428, 3] smbd/process.c:1662(process_smb) > Transaction 224 of length 63 (0 toread) >[2012/08/30 15:27:58.925568, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.925658, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19403 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 8 (0x8) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.927593, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.927661, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.927782, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.927925, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.928090, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=557056 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.928241, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 557056, size = 32768, returned 32768 >[2012/08/30 15:27:58.928383, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.928763, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.929063, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.929211, 3] smbd/process.c:1662(process_smb) > Transaction 225 of length 63 (0 toread) >[2012/08/30 15:27:58.929351, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.929415, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19468 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 9 (0x9) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.931170, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.931242, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.931363, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.931559, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.931700, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=589824 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.931850, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 589824, size = 32768, returned 32768 >[2012/08/30 15:27:58.931992, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.932366, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.932651, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.933095, 3] smbd/process.c:1662(process_smb) > Transaction 226 of length 63 (0 toread) >[2012/08/30 15:27:58.933241, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.933306, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19533 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 9 (0x9) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.935150, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.935224, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.935351, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.935482, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.935641, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=622592 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.935803, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 622592, size = 32768, returned 32768 >[2012/08/30 15:27:58.935949, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.937519, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.937683, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.937944, 3] smbd/process.c:1662(process_smb) > Transaction 227 of length 63 (0 toread) >[2012/08/30 15:27:58.938065, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.938154, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19598 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 10 (0xA) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.939869, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.939936, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.940074, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.940230, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.940355, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=655360 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.940496, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 655360, size = 32768, returned 32768 >[2012/08/30 15:27:58.940749, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.942124, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.942299, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.942458, 3] smbd/process.c:1662(process_smb) > Transaction 228 of length 63 (0 toread) >[2012/08/30 15:27:58.942595, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.942659, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19663 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 10 (0xA) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.944432, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.944500, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.944633, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.944766, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.944889, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=688128 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.945056, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 688128, size = 32768, returned 32768 >[2012/08/30 15:27:58.945198, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.949963, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.950221, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.950344, 3] smbd/process.c:1662(process_smb) > Transaction 229 of length 63 (0 toread) >[2012/08/30 15:27:58.950498, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.950560, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19713 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 11 (0xB) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.952330, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.952411, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.952550, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.952679, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.952813, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=720896 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.952981, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 720896, size = 32768, returned 32768 >[2012/08/30 15:27:58.953138, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.953861, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.954058, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.954189, 3] smbd/process.c:1662(process_smb) > Transaction 230 of length 63 (0 toread) >[2012/08/30 15:27:58.954337, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.954416, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19776 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 11 (0xB) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.956116, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.956184, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.956305, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.956461, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.956620, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=753664 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.956796, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 753664, size = 32768, returned 32768 >[2012/08/30 15:27:58.956949, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.957326, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.957472, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.957603, 3] smbd/process.c:1662(process_smb) > Transaction 231 of length 63 (0 toread) >[2012/08/30 15:27:58.957750, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.957834, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19842 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 12 (0xC) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.959775, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.959843, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.959980, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.960120, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.960258, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=786432 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.960415, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 786432, size = 32768, returned 32768 >[2012/08/30 15:27:58.960542, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.960896, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.961026, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.961165, 3] smbd/process.c:1662(process_smb) > Transaction 232 of length 63 (0 toread) >[2012/08/30 15:27:58.961303, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.961377, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19907 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 12 (0xC) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.963233, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.963325, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.963454, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.963633, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.963771, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=819200 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.963934, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 819200, size = 32768, returned 32768 >[2012/08/30 15:27:58.964085, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:58.964434, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:58.964570, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:58.964805, 3] smbd/process.c:1662(process_smb) > Transaction 233 of length 63 (0 toread) >[2012/08/30 15:27:58.964967, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:58.965037, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=19972 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 13 (0xD) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:58.966820, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:58.966888, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:58.967026, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:58.967176, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:58.967313, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=851968 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:58.967473, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 851968, size = 32768, returned 32768 >[2012/08/30 15:27:58.967638, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:59.212956, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.213164, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.213288, 3] smbd/process.c:1662(process_smb) > Transaction 234 of length 63 (0 toread) >[2012/08/30 15:27:59.213406, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.213468, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20037 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 13 (0xD) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.215252, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.215328, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.215467, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.215640, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:59.215784, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=884736 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:59.215956, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 884736, size = 32768, returned 32768 >[2012/08/30 15:27:59.216100, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:59.216567, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.216721, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.216858, 3] smbd/process.c:1662(process_smb) > Transaction 235 of length 63 (0 toread) >[2012/08/30 15:27:59.217005, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.217091, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20102 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 14 (0xE) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.218850, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.218924, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.219062, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.219202, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:59.219339, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=917504 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:59.219497, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 917504, size = 32768, returned 32768 >[2012/08/30 15:27:59.219637, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:59.219802, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.219943, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.220080, 3] smbd/process.c:1662(process_smb) > Transaction 236 of length 63 (0 toread) >[2012/08/30 15:27:59.220217, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.220289, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20167 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 14 (0xE) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.222163, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.222236, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.222373, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.222537, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:59.222677, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=950272 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:59.222972, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 950272, size = 32768, returned 32768 >[2012/08/30 15:27:59.223559, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:59.223837, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.223979, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.224117, 3] smbd/process.c:1662(process_smb) > Transaction 237 of length 63 (0 toread) >[2012/08/30 15:27:59.224254, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.224326, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20232 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 15 (0xF) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.226638, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.226711, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.226833, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.226957, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:59.227077, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=983040 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:59.227223, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 983040, size = 32768, returned 32768 >[2012/08/30 15:27:59.227346, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:59.227919, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.228172, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.228302, 3] smbd/process.c:1662(process_smb) > Transaction 238 of length 63 (0 toread) >[2012/08/30 15:27:59.228422, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.228484, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20297 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]=32768 (0x8000) > smb_vwv[ 4]= 15 (0xF) > smb_vwv[ 5]=32768 (0x8000) > smb_vwv[ 6]=32768 (0x8000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=32768 (0x8000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.229969, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.230041, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.230162, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.230303, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:59.230424, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=1015808 len=32768 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:59.230571, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 1015808, size = 32768, returned 32768 >[2012/08/30 15:27:59.230694, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=32768 nread=32768 >[2012/08/30 15:27:59.231054, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.231181, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.231301, 3] smbd/process.c:1662(process_smb) > Transaction 239 of length 63 (0 toread) >[2012/08/30 15:27:59.231549, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.231640, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20362 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17776 (0x4570) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 16 (0x10) > smb_vwv[ 5]=11972 (0x2EC4) > smb_vwv[ 6]=11972 (0x2EC4) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=11972 (0x2EC4) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.233106, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.233172, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.233291, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.233422, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/pscript.ntf >[2012/08/30 15:27:59.233541, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=1048576 len=11972 unlocked for fnum 17776 file x64/3/pscript.ntf >[2012/08/30 15:27:59.233821, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/pscript.ntf): pos = 1048576, size = 11972, returned 11972 >[2012/08/30 15:27:59.233944, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17776 max=11972 nread=11972 >[2012/08/30 15:27:59.237517, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 114 >[2012/08/30 15:27:59.237777, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x72 >[2012/08/30 15:27:59.237930, 3] smbd/process.c:1662(process_smb) > Transaction 240 of length 118 (0 toread) >[2012/08/30 15:27:59.238101, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.238181, 5] lib/util.c:342(show_msg) > size=114 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20426 > smt_wct=15 > smb_vwv[ 0]= 46 (0x2E) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 46 (0x2E) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=49 >[2012/08/30 15:27:59.240203, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u > [0020] 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 00 00 .p.s.6.. .i.n.i.. > [0030] 00 . >[2012/08/30 15:27:59.240592, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.240730, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.240894, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:59.241046, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cups6.ini" >[2012/08/30 15:27:59.241209, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/CUPS6.INI] >[2012/08/30 15:27:59.241348, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:59.241491, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/cups6.ini, dirpath = x64/3, start = cups6.ini >[2012/08/30 15:27:59.241662, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c053060:size f) X64/3/CUPS6.INI -> x64/3/cups6.ini >[2012/08/30 15:27:59.241800, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/cups6.ini -> x64/3/cups6.ini >[2012/08/30 15:27:59.241938, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] >[2012/08/30 15:27:59.242090, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] >[2012/08/30 15:27:59.242247, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini >[2012/08/30 15:27:59.242384, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = cups6.ini >[2012/08/30 15:27:59.242525, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:59.242662, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:59.242818, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:59.242956, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:59.243251, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:59.243397, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = cups6.ini, attr = 22 >[2012/08/30 15:27:59.243596, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:59.243750, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c012c20 now at offset -1 >[2012/08/30 15:27:59.243892, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.244032, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.244169, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.244341, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:59.244479, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[cups6.ini] found x64/3/cups6.ini fname=cups6.ini (cups6.ini) >[2012/08/30 15:27:59.244624, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:59.244778, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:59.244927, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:59.245066, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:59.245216, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 >[2012/08/30 15:27:59.245356, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 >[2012/08/30 15:27:59.245495, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.245743, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20426 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=125 >[2012/08/30 15:27:59.247426, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. > [0010] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI > [0020] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ > [0030] CC E3 86 CD 01 48 00 00 00 00 00 00 00 00 00 10 .....H.. ........ > [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p > [0070] 00 73 00 36 00 2E 00 69 00 6E 00 69 00 .s.6...i .n.i. >[2012/08/30 15:27:59.248466, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=cups6.ini directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:59.251567, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 114 >[2012/08/30 15:27:59.251746, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x72 >[2012/08/30 15:27:59.251866, 3] smbd/process.c:1662(process_smb) > Transaction 241 of length 118 (0 toread) >[2012/08/30 15:27:59.251985, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.252046, 5] lib/util.c:342(show_msg) > size=114 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20490 > smt_wct=15 > smb_vwv[ 0]= 46 (0x2E) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 46 (0x2E) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=49 >[2012/08/30 15:27:59.253680, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u > [0020] 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 00 00 .p.s.6.. .i.n.i.. > [0030] 00 . >[2012/08/30 15:27:59.254030, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.254149, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.254274, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:59.254401, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cups6.ini" >[2012/08/30 15:27:59.254524, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] >[2012/08/30 15:27:59.254652, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] >[2012/08/30 15:27:59.254781, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] >[2012/08/30 15:27:59.254898, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini >[2012/08/30 15:27:59.255016, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = cups6.ini >[2012/08/30 15:27:59.255134, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:59.255251, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:59.255377, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:59.255519, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:59.255656, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:59.255773, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = cups6.ini, attr = 22 >[2012/08/30 15:27:59.255890, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:59.256017, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 >[2012/08/30 15:27:59.257051, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.257176, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.257295, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.257427, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:59.257696, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[cups6.ini] found x64/3/cups6.ini fname=cups6.ini (cups6.ini) >[2012/08/30 15:27:59.257820, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:59.257958, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:59.258088, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:59.258214, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:59.258342, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 112, useable_space = 131010 >[2012/08/30 15:27:59.258460, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 112, paramsize = 10, datasize = 112 >[2012/08/30 15:27:59.258578, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.258639, 5] lib/util.c:342(show_msg) > size=180 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20490 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 112 (0x70) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 112 (0x70) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=125 >[2012/08/30 15:27:59.260010, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 70 00 00 ........ .....p.. > [0010] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI > [0020] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ > [0030] CC E3 86 CD 01 48 00 00 00 00 00 00 00 00 00 10 .....H.. ........ > [0040] 00 00 00 00 00 20 00 00 00 12 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p > [0070] 00 73 00 36 00 2E 00 69 00 6E 00 69 00 .s.6...i .n.i. >[2012/08/30 15:27:59.260759, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=cups6.ini directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:59.262439, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:59.262594, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:59.262714, 3] smbd/process.c:1662(process_smb) > Transaction 242 of length 122 (0 toread) >[2012/08/30 15:27:59.262853, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.262915, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20554 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/08/30 15:27:59.265090, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 .u.p.s.6 ...i.n.i > [0020] 00 00 00 ... >[2012/08/30 15:27:59.265405, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.265527, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.265650, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/cups6.ini >[2012/08/30 15:27:59.265775, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cups6.ini" >[2012/08/30 15:27:59.265898, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] >[2012/08/30 15:27:59.266050, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] >[2012/08/30 15:27:59.266180, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] >[2012/08/30 15:27:59.266297, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini >[2012/08/30 15:27:59.266415, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini >[2012/08/30 15:27:59.266538, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini >[2012/08/30 15:27:59.266663, 5] smbd/files.c:140(file_new) > allocated file structure 13681, fnum = 17777 (7 used) >[2012/08/30 15:27:59.266813, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cups6.ini hash 0x3d0916cb >[2012/08/30 15:27:59.266933, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cups6.ini) returning 0744 >[2012/08/30 15:27:59.267051, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cups6.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.267173, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.267291, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.267409, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.267570, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cups6.ini, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.267706, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.267832, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0534b0 >[2012/08/30 15:27:59.267949, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23baa:0 >[2012/08/30 15:27:59.268069, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.268200, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.268323, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0536f0 >[2012/08/30 15:27:59.268442, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cups6.ini >[2012/08/30 15:27:59.268560, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.268686, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cups6.ini, flags = 00 mode = 0744, fd = 41. >[2012/08/30 15:27:59.268804, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cups6.ini read=Yes write=No (numopen=6) >[2012/08/30 15:27:59.268929, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153923 >[2012/08/30 15:27:59.269050, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cups6.ini, 801:23baa:0/1302153923, tv_sec = 503fbebf, tv_usec = 411a5 >[2012/08/30 15:27:59.269176, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.269472, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.269603, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.269730, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.269847, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.269965, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.270085, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.270202, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.270328, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.270463, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.270590, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cups6.ini >[2012/08/30 15:27:59.270709, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17777, open name = x64/3/cups6.ini >[2012/08/30 15:27:59.271378, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.271573, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.271703, 3] smbd/process.c:1662(process_smb) > Transaction 243 of length 76 (0 toread) >[2012/08/30 15:27:59.271820, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.271881, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20618 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.273564, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 71 45 EE 03 ...qE.. >[2012/08/30 15:27:59.273698, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.273817, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.273938, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:59.274091, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.274230, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.274350, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:27:59.274471, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17777) level=1006 call=7 total_data=0 >[2012/08/30 15:27:59.274591, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17777) level=1006 max_data=8 >[2012/08/30 15:27:59.274712, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.274841, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.274978, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.275101, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:59.275221, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:59.275340, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:59.275458, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.275562, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20618 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:59.276983, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 AA 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:59.287308, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.288425, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.288560, 3] smbd/process.c:1662(process_smb) > Transaction 244 of length 63 (0 toread) >[2012/08/30 15:27:59.289775, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.290570, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20682 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17777 (0x4571) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 72 (0x48) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 72 (0x48) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.293649, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.293717, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.293932, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.294079, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/cups6.ini >[2012/08/30 15:27:59.294202, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=72 unlocked for fnum 17777 file x64/3/cups6.ini >[2012/08/30 15:27:59.294336, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/cups6.ini): pos = 0, size = 72, returned 72 >[2012/08/30 15:27:59.294457, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17777 max=72 nread=72 >[2012/08/30 15:27:59.297660, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:59.297874, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:59.297998, 3] smbd/process.c:1662(process_smb) > Transaction 245 of length 45 (0 toread) >[2012/08/30 15:27:59.298117, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.298179, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20746 > smt_wct=3 > smb_vwv[ 0]=17777 (0x4571) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:59.299168, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.299234, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.299354, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.299486, 3] smbd/reply.c:4848(reply_close) > close fd=41 fnum=17777 (numopen=6) >[2012/08/30 15:27:59.299794, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:59.299936, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153923 has kernel oplock state of 1. >[2012/08/30 15:27:59.300082, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.300220, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c055040 >[2012/08/30 15:27:59.300338, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.300497, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x504a, type= 0x3, gen_id = 1302153923, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.300619, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:27:59.300740, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.300867, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cups6.ini = 0 >[2012/08/30 15:27:59.300990, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cups6.ini >[2012/08/30 15:27:59.301117, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cups6.ini (numopen=5) NT_STATUS_OK >[2012/08/30 15:27:59.301255, 5] smbd/files.c:482(file_free) > freed files structure 17777 (6 used) >[2012/08/30 15:27:59.301400, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.301462, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20746 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.302235, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.302983, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:59.303274, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:59.303399, 3] smbd/process.c:1662(process_smb) > Transaction 246 of length 122 (0 toread) >[2012/08/30 15:27:59.303575, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.303652, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20810 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/08/30 15:27:59.306438, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 .u.p.s.6 ...i.n.i > [0020] 00 00 00 ... >[2012/08/30 15:27:59.306717, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.306838, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.306998, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/cups6.ini >[2012/08/30 15:27:59.307123, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cups6.ini" >[2012/08/30 15:27:59.307264, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] >[2012/08/30 15:27:59.307392, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] >[2012/08/30 15:27:59.307545, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] >[2012/08/30 15:27:59.307731, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini >[2012/08/30 15:27:59.307853, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini >[2012/08/30 15:27:59.307978, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini >[2012/08/30 15:27:59.308103, 5] smbd/files.c:140(file_new) > allocated file structure 13682, fnum = 17778 (7 used) >[2012/08/30 15:27:59.308228, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cups6.ini hash 0x3d0916cb >[2012/08/30 15:27:59.308350, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cups6.ini) returning 0744 >[2012/08/30 15:27:59.308470, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cups6.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.308615, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.308770, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.308890, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.309010, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cups6.ini, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.309137, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.309265, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0534b0 >[2012/08/30 15:27:59.309429, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23baa:0 >[2012/08/30 15:27:59.309552, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.309685, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.309807, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0536f0 >[2012/08/30 15:27:59.309926, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cups6.ini >[2012/08/30 15:27:59.310044, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.310194, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cups6.ini, flags = 00 mode = 0744, fd = 41. >[2012/08/30 15:27:59.310313, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cups6.ini read=Yes write=No (numopen=6) >[2012/08/30 15:27:59.310436, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153924 >[2012/08/30 15:27:59.310567, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cups6.ini, 801:23baa:0/1302153924, tv_sec = 503fbebf, tv_usec = 4b386 >[2012/08/30 15:27:59.310692, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.310829, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x514a, type= 0x3, gen_id = 1302153924, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.310969, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.311096, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.311213, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.311331, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.311449, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.311620, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.311762, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.311897, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x514a, type= 0x3, gen_id = 1302153924, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.312024, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cups6.ini >[2012/08/30 15:27:59.312142, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17778, open name = x64/3/cups6.ini >[2012/08/30 15:27:59.313324, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:59.313482, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:59.313601, 3] smbd/process.c:1662(process_smb) > Transaction 247 of length 45 (0 toread) >[2012/08/30 15:27:59.313719, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.313780, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20874 > smt_wct=3 > smb_vwv[ 0]=17778 (0x4572) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:59.314734, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.314799, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.314917, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.315054, 3] smbd/reply.c:4848(reply_close) > close fd=41 fnum=17778 (numopen=6) >[2012/08/30 15:27:59.315172, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:59.315306, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153924 has kernel oplock state of 1. >[2012/08/30 15:27:59.315442, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.315621, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c055040 >[2012/08/30 15:27:59.315752, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.315894, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x514a, type= 0x3, gen_id = 1302153924, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.316024, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:27:59.316145, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.316272, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cups6.ini = 0 >[2012/08/30 15:27:59.316391, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cups6.ini >[2012/08/30 15:27:59.316805, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cups6.ini (numopen=5) NT_STATUS_OK >[2012/08/30 15:27:59.316927, 5] smbd/files.c:482(file_free) > freed files structure 17778 (6 used) >[2012/08/30 15:27:59.317047, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.317108, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=20874 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.318088, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.318883, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:59.319026, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:59.319148, 3] smbd/process.c:1662(process_smb) > Transaction 248 of length 122 (0 toread) >[2012/08/30 15:27:59.319265, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.319326, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=20938 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 8192 (0x2000) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=35 >[2012/08/30 15:27:59.321602, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 36 00 2E 00 69 00 6E 00 69 .u.p.s.6 ...i.n.i > [0020] 00 00 00 ... >[2012/08/30 15:27:59.321876, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.321996, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.322120, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/cups6.ini >[2012/08/30 15:27:59.322248, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cups6.ini" >[2012/08/30 15:27:59.322376, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPS6.INI] -> [x64/3/cups6.ini] >[2012/08/30 15:27:59.322500, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cups6.ini] [/var/lib/samba/printers] >[2012/08/30 15:27:59.322630, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cups6.ini] -> [/var/lib/samba/printers/x64/3/cups6.ini] >[2012/08/30 15:27:59.322747, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cups6.ini reduced to /var/lib/samba/printers/x64/3/cups6.ini >[2012/08/30 15:27:59.322873, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini >[2012/08/30 15:27:59.322996, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cups6.ini >[2012/08/30 15:27:59.323120, 5] smbd/files.c:140(file_new) > allocated file structure 13683, fnum = 17779 (7 used) >[2012/08/30 15:27:59.323245, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cups6.ini hash 0x3d0916cb >[2012/08/30 15:27:59.323365, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cups6.ini) returning 0744 >[2012/08/30 15:27:59.323484, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cups6.ini, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.324417, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.324539, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.324659, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.324799, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cups6.ini, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.324929, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.325055, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0534b0 >[2012/08/30 15:27:59.325174, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23baa:0 >[2012/08/30 15:27:59.325295, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.325429, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:27:59.325555, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0536f0 >[2012/08/30 15:27:59.325675, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cups6.ini >[2012/08/30 15:27:59.325793, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.325951, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cups6.ini, flags = 00 mode = 0744, fd = 41. >[2012/08/30 15:27:59.326072, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cups6.ini read=Yes write=No (numopen=6) >[2012/08/30 15:27:59.326197, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153925 >[2012/08/30 15:27:59.326323, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cups6.ini, 801:23baa:0/1302153925, tv_sec = 503fbebf, tv_usec = 4ee2e >[2012/08/30 15:27:59.326447, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.326585, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.326709, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:27:59.326840, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.326958, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.327091, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.327250, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.327369, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.327497, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.327639, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.327772, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cups6.ini >[2012/08/30 15:27:59.327914, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17779, open name = x64/3/cups6.ini >[2012/08/30 15:27:59.329127, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:59.329301, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:59.329422, 3] smbd/process.c:1662(process_smb) > Transaction 249 of length 90 (0 toread) >[2012/08/30 15:27:59.329543, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.329605, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21002 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17779 (0x4573) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:59.331834, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:59.331967, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.332200, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.332321, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:59.332442, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:59.332589, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 73 45 01 00 ....sE.. >[2012/08/30 15:27:59.332717, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x4573] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:59.332840, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:59.332960, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.333021, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21002 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.333837, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.334437, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:59.334572, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:59.334689, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:59.334886, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:59.335017, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.335137, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.335257, 3] smbd/process.c:1662(process_smb) > Transaction 250 of length 76 (0 toread) >[2012/08/30 15:27:59.335374, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.335436, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21066 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.337762, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 73 45 ED 03 ...sE.. >[2012/08/30 15:27:59.337894, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.338053, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:59.338173, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:59.340769, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:59.341260, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:59.341385, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:59.341697, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.341844, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.341964, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:27:59.342083, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1005 call=7 total_data=0 >[2012/08/30 15:27:59.342203, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1005 max_data=24 >[2012/08/30 15:27:59.342322, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.342462, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.342582, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.342704, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:59.342823, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:59.342941, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:59.343058, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.343119, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21066 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:59.344549, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 48 00 00 ........ .....H.. > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:59.345285, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.345436, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.345584, 3] smbd/process.c:1662(process_smb) > Transaction 251 of length 76 (0 toread) >[2012/08/30 15:27:59.345713, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.345775, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21130 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.347439, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 73 45 EC 03 ...sE.. >[2012/08/30 15:27:59.347615, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.347735, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.347888, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:59.348020, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.348160, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.348288, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:27:59.348408, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1004 call=7 total_data=0 >[2012/08/30 15:27:59.348527, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1004 max_data=40 >[2012/08/30 15:27:59.348646, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.348765, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.348886, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.349008, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:59.349125, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:59.349504, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:59.349628, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:59.349763, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.349824, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21130 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:59.351168, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI > [0010] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ > [0020] CC E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:59.351879, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.352015, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.352139, 3] smbd/process.c:1662(process_smb) > Transaction 252 of length 76 (0 toread) >[2012/08/30 15:27:59.352257, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.352319, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21194 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.354124, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 73 45 FE 03 ...sE.. >[2012/08/30 15:27:59.354253, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.354372, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.354492, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:59.354642, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.354803, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.354924, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:27:59.355042, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1022 call=7 total_data=0 >[2012/08/30 15:27:59.355161, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1022 max_data=4094 >[2012/08/30 15:27:59.355280, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.355400, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.355556, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.355689, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:59.355813, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:59.355931, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:59.356066, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.356127, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21194 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:59.357528, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 48 00 00 ........ .....H.. > [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:59.358229, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.358359, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.358477, 3] smbd/process.c:1662(process_smb) > Transaction 253 of length 76 (0 toread) >[2012/08/30 15:27:59.358600, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.358662, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21258 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.360365, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 73 45 EC 03 ...sE.. >[2012/08/30 15:27:59.360494, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.360612, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.360746, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:59.360876, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.361023, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:27:59.361143, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:27:59.361264, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cups6.ini (fnum = 17779) level=1004 call=7 total_data=0 >[2012/08/30 15:27:59.361407, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cups6.ini (fnum = 17779) level=1004 max_data=40 >[2012/08/30 15:27:59.361525, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cups6.ini >[2012/08/30 15:27:59.361644, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.361761, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.361885, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:59.362001, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Thu Aug 30 15:15:20 2012 > access: Thu Aug 30 15:15:42 2012 > write: Thu Aug 30 15:15:20 2012 > change: Thu Aug 30 15:15:20 2012 > mode: 20 >[2012/08/30 15:27:59.362375, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:59.362493, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:59.362610, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.362688, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21258 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:59.364064, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 CA C2 00 CC E3 86 CD 01 B4 76 49 ........ ......vI > [0010] D9 E3 86 CD 01 CA C2 00 CC E3 86 CD 01 CA C2 00 ........ ........ > [0020] CC E3 86 CD 01 20 00 00 00 00 00 00 00 ..... .. ..... >[2012/08/30 15:27:59.365476, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:59.365645, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:59.365764, 3] smbd/process.c:1662(process_smb) > Transaction 254 of length 74 (0 toread) >[2012/08/30 15:27:59.365883, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.365946, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21322 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:59.367684, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:59.367824, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.367945, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.368067, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:59.368192, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:59.368333, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:59.368472, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:59.368591, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.368653, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21322 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:59.370068, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:59.370436, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:59.372268, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.372435, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.372555, 3] smbd/process.c:1662(process_smb) > Transaction 255 of length 63 (0 toread) >[2012/08/30 15:27:59.372678, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.372739, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=21386 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17779 (0x4573) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 72 (0x48) > smb_vwv[ 6]= 72 (0x48) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 72 (0x48) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.374281, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.374346, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.374465, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.374589, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/cups6.ini >[2012/08/30 15:27:59.374707, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=72 unlocked for fnum 17779 file x64/3/cups6.ini >[2012/08/30 15:27:59.374838, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/cups6.ini): pos = 0, size = 72, returned 72 >[2012/08/30 15:27:59.374976, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17779 max=72 nread=72 >[2012/08/30 15:27:59.379686, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:59.379872, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:59.379992, 3] smbd/process.c:1662(process_smb) > Transaction 256 of length 122 (0 toread) >[2012/08/30 15:27:59.380110, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.380171, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21450 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:59.381996, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u > [0020] 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C .p.s.p.s .6...d.l > [0030] 00 6C 00 00 00 .l... >[2012/08/30 15:27:59.382367, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.382488, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.382613, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:59.382740, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsps6.dll" >[2012/08/30 15:27:59.382880, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/CUPSPS6.DLL] >[2012/08/30 15:27:59.383003, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:59.383126, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/cupsps6.dll, dirpath = x64/3, start = cupsps6.dll >[2012/08/30 15:27:59.383251, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c0550e0:size 11) X64/3/CUPSPS6.DLL -> x64/3/cupsps6.dll >[2012/08/30 15:27:59.383369, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/cupsps6.dll -> x64/3/cupsps6.dll >[2012/08/30 15:27:59.383487, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.383667, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] >[2012/08/30 15:27:59.383832, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll >[2012/08/30 15:27:59.383951, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = cupsps6.dll >[2012/08/30 15:27:59.384070, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:59.384188, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:59.384312, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:59.384431, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:59.384565, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:59.384684, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = cupsps6.dll, attr = 22 >[2012/08/30 15:27:59.384802, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:59.384931, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 >[2012/08/30 15:27:59.385054, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.385174, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.385296, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.385430, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:59.385549, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[cupsps6.dll] found x64/3/cupsps6.dll fname=cupsps6.dll (cupsps6.dll) >[2012/08/30 15:27:59.385675, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:59.385821, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:59.385951, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:59.386083, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:59.386213, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:59.386332, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:59.386451, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.386514, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21450 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:59.387936, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0020] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... > [0030] 2E 28 7B CD 01 00 44 00 00 00 00 00 00 00 00 10 .({...D. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p > [0070] 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C 00 6C .s.p.s.6 ...d.l.l > [0080] 00 . >[2012/08/30 15:27:59.388827, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=cupsps6.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:59.392970, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:59.393180, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:59.393303, 3] smbd/process.c:1662(process_smb) > Transaction 257 of length 122 (0 toread) >[2012/08/30 15:27:59.393423, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.393485, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21514 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:59.395162, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u > [0020] 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C .p.s.p.s .6...d.l > [0030] 00 6C 00 00 00 .l... >[2012/08/30 15:27:59.395566, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.395700, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.395826, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:59.395959, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsps6.dll" >[2012/08/30 15:27:59.396084, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] >[2012/08/30 15:27:59.396211, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.396354, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] >[2012/08/30 15:27:59.396473, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll >[2012/08/30 15:27:59.396592, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = cupsps6.dll >[2012/08/30 15:27:59.396724, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:59.396849, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:59.396974, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:59.397092, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:59.397223, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:59.397341, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = cupsps6.dll, attr = 22 >[2012/08/30 15:27:59.397460, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:59.397608, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c014be0 now at offset -1 >[2012/08/30 15:27:59.397748, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.397877, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.397997, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.398131, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:59.398250, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[cupsps6.dll] found x64/3/cupsps6.dll fname=cupsps6.dll (cupsps6.dll) >[2012/08/30 15:27:59.398378, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:59.398496, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:59.398618, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:59.398736, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:59.398862, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:59.398980, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:59.399098, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.399162, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21514 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:59.401008, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0020] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... > [0030] 2E 28 7B CD 01 00 44 00 00 00 00 00 00 00 00 10 .({...D. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p > [0070] 00 73 00 70 00 73 00 36 00 2E 00 64 00 6C 00 6C .s.p.s.6 ...d.l.l > [0080] 00 . >[2012/08/30 15:27:59.403386, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=cupsps6.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:59.403597, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:59.403731, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:59.403850, 3] smbd/process.c:1662(process_smb) > Transaction 258 of length 126 (0 toread) >[2012/08/30 15:27:59.403979, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.404046, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21578 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:59.406223, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 .u.p.s.p .s.6...d > [0020] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:59.406501, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.406623, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.406747, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.406872, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsps6.dll" >[2012/08/30 15:27:59.406994, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] >[2012/08/30 15:27:59.407118, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.407281, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] >[2012/08/30 15:27:59.407399, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll >[2012/08/30 15:27:59.407562, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.407707, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.407837, 5] smbd/files.c:140(file_new) > allocated file structure 13684, fnum = 17780 (8 used) >[2012/08/30 15:27:59.407961, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cupsps6.dll hash 0x8e4b266b >[2012/08/30 15:27:59.408086, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cupsps6.dll) returning 0744 >[2012/08/30 15:27:59.408206, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsps6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.408340, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.408461, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.408581, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.408702, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsps6.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.408852, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.408984, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0555c0 >[2012/08/30 15:27:59.409104, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23bab:0 >[2012/08/30 15:27:59.409225, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.409359, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.409481, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c055800 >[2012/08/30 15:27:59.409655, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.409775, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.409905, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cupsps6.dll, flags = 00 mode = 0744, fd = 42. >[2012/08/30 15:27:59.410024, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cupsps6.dll read=Yes write=No (numopen=7) >[2012/08/30 15:27:59.410152, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153926 >[2012/08/30 15:27:59.410274, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cupsps6.dll, 801:23bab:0/1302153926, tv_sec = 503fbebf, tv_usec = 6391c >[2012/08/30 15:27:59.410452, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.410590, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.410715, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.410843, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.410961, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.411080, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.411199, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.411333, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.411457, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.411630, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.411757, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.411875, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17780, open name = x64/3/cupsps6.dll >[2012/08/30 15:27:59.412674, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.412822, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.412942, 3] smbd/process.c:1662(process_smb) > Transaction 259 of length 76 (0 toread) >[2012/08/30 15:27:59.413059, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.413121, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21642 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.417648, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 74 45 EE 03 ...tE.. >[2012/08/30 15:27:59.417790, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.417944, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.418068, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:59.418206, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.418346, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.418466, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:27:59.418585, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17780) level=1006 call=7 total_data=0 >[2012/08/30 15:27:59.418706, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17780) level=1006 max_data=8 >[2012/08/30 15:27:59.418825, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.418946, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.419084, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.419208, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:59.419328, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:59.419446, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:59.419617, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.419679, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21642 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:59.421030, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 AB 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:59.424441, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.424639, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.424764, 3] smbd/process.c:1662(process_smb) > Transaction 260 of length 63 (0 toread) >[2012/08/30 15:27:59.424894, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.424956, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=21706 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17780 (0x4574) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.426598, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.426664, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.426904, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.427032, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.427151, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17780 file x64/3/cupsps6.dll >[2012/08/30 15:27:59.427287, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/cupsps6.dll): pos = 0, size = 4096, returned 4096 >[2012/08/30 15:27:59.427407, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17780 max=4096 nread=4096 >[2012/08/30 15:27:59.430242, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:59.430451, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:59.430572, 3] smbd/process.c:1662(process_smb) > Transaction 261 of length 45 (0 toread) >[2012/08/30 15:27:59.430725, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.430788, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=21770 > smt_wct=3 > smb_vwv[ 0]=17780 (0x4574) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:59.431960, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.432036, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.432155, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.432277, 3] smbd/reply.c:4848(reply_close) > close fd=42 fnum=17780 (numopen=7) >[2012/08/30 15:27:59.432396, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:59.432539, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153926 has kernel oplock state of 1. >[2012/08/30 15:27:59.432685, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.432817, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0570c0 >[2012/08/30 15:27:59.432936, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.433076, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x544a, type= 0x3, gen_id = 1302153926, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.433200, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:27:59.433325, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.433472, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cupsps6.dll = 0 >[2012/08/30 15:27:59.433594, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cupsps6.dll >[2012/08/30 15:27:59.433792, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cupsps6.dll (numopen=6) NT_STATUS_OK >[2012/08/30 15:27:59.433915, 5] smbd/files.c:482(file_free) > freed files structure 17780 (7 used) >[2012/08/30 15:27:59.434154, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.434216, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=21770 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.434987, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.435873, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:59.436027, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:59.436146, 3] smbd/process.c:1662(process_smb) > Transaction 262 of length 126 (0 toread) >[2012/08/30 15:27:59.436263, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.436327, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21834 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:59.438704, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 .u.p.s.p .s.6...d > [0020] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:59.439306, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.439427, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.439583, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.439707, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsps6.dll" >[2012/08/30 15:27:59.439829, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] >[2012/08/30 15:27:59.439953, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.440082, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] >[2012/08/30 15:27:59.440199, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll >[2012/08/30 15:27:59.440370, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.440493, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.440655, 5] smbd/files.c:140(file_new) > allocated file structure 13685, fnum = 17781 (8 used) >[2012/08/30 15:27:59.440778, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cupsps6.dll hash 0x8e4b266b >[2012/08/30 15:27:59.440891, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cupsps6.dll) returning 0744 >[2012/08/30 15:27:59.441091, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsps6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.441212, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.441331, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.441470, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.441653, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsps6.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.441814, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.441940, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0555c0 >[2012/08/30 15:27:59.442080, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23bab:0 >[2012/08/30 15:27:59.442200, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.442332, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.442453, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c055800 >[2012/08/30 15:27:59.442571, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.442689, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.444509, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cupsps6.dll, flags = 00 mode = 0744, fd = 42. >[2012/08/30 15:27:59.444673, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cupsps6.dll read=Yes write=No (numopen=7) >[2012/08/30 15:27:59.444799, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153927 >[2012/08/30 15:27:59.444922, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cupsps6.dll, 801:23bab:0/1302153927, tv_sec = 503fbebf, tv_usec = 6b94d >[2012/08/30 15:27:59.445047, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.445184, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x554a, type= 0x3, gen_id = 1302153927, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.445307, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.445440, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.445560, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.445680, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.445798, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.445928, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.446053, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.446197, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x554a, type= 0x3, gen_id = 1302153927, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.446324, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.446443, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17781, open name = x64/3/cupsps6.dll >[2012/08/30 15:27:59.448248, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:59.448429, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:59.448550, 3] smbd/process.c:1662(process_smb) > Transaction 263 of length 45 (0 toread) >[2012/08/30 15:27:59.448669, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.448727, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=21898 > smt_wct=3 > smb_vwv[ 0]=17781 (0x4575) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:59.450820, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.450894, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.451014, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.451134, 3] smbd/reply.c:4848(reply_close) > close fd=42 fnum=17781 (numopen=7) >[2012/08/30 15:27:59.451253, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:59.451389, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153927 has kernel oplock state of 1. >[2012/08/30 15:27:59.451580, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.451720, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0570c0 >[2012/08/30 15:27:59.451838, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.451975, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x554a, type= 0x3, gen_id = 1302153927, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.452096, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:27:59.452218, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.452345, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cupsps6.dll = 0 >[2012/08/30 15:27:59.452464, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cupsps6.dll >[2012/08/30 15:27:59.452609, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cupsps6.dll (numopen=6) NT_STATUS_OK >[2012/08/30 15:27:59.452730, 5] smbd/files.c:482(file_free) > freed files structure 17781 (7 used) >[2012/08/30 15:27:59.452850, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.452912, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=21898 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.453682, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.454488, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:59.454643, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:59.454766, 3] smbd/process.c:1662(process_smb) > Transaction 264 of length 126 (0 toread) >[2012/08/30 15:27:59.454891, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.454952, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=21962 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:59.457278, 10] ../lib/util/util.c:415(dump_data) > [0000] 68 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 h\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 70 00 73 00 36 00 2E 00 64 .u.p.s.p .s.6...d > [0020] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:59.457565, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.457684, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.457831, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.457956, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsps6.dll" >[2012/08/30 15:27:59.458121, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSPS6.DLL] -> [x64/3/cupsps6.dll] >[2012/08/30 15:27:59.458253, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsps6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.458384, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsps6.dll] -> [/var/lib/samba/printers/x64/3/cupsps6.dll] >[2012/08/30 15:27:59.458502, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsps6.dll reduced to /var/lib/samba/printers/x64/3/cupsps6.dll >[2012/08/30 15:27:59.458620, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.458743, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsps6.dll >[2012/08/30 15:27:59.458867, 5] smbd/files.c:140(file_new) > allocated file structure 13686, fnum = 17782 (8 used) >[2012/08/30 15:27:59.458990, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cupsps6.dll hash 0x8e4b266b >[2012/08/30 15:27:59.459110, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cupsps6.dll) returning 0744 >[2012/08/30 15:27:59.459229, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsps6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.459354, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.459476, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.459617, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.459739, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsps6.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.459867, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.459993, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c0555c0 >[2012/08/30 15:27:59.460110, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23bab:0 >[2012/08/30 15:27:59.460230, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.460362, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:27:59.460487, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c055800 >[2012/08/30 15:27:59.460606, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.460724, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.460852, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cupsps6.dll, flags = 00 mode = 0744, fd = 42. >[2012/08/30 15:27:59.460970, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cupsps6.dll read=Yes write=No (numopen=7) >[2012/08/30 15:27:59.461092, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153928 >[2012/08/30 15:27:59.461213, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cupsps6.dll, 801:23bab:0/1302153928, tv_sec = 503fbebf, tv_usec = 70072 >[2012/08/30 15:27:59.461336, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.461472, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.461761, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:27:59.461887, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.462008, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.462127, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.462246, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.462366, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.462492, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.462628, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.462757, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.462879, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17782, open name = x64/3/cupsps6.dll >[2012/08/30 15:27:59.464100, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:59.464255, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:59.464409, 3] smbd/process.c:1662(process_smb) > Transaction 265 of length 90 (0 toread) >[2012/08/30 15:27:59.464537, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.464599, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22026 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17782 (0x4576) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:59.466737, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:59.466867, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.466986, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.467236, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:59.467359, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:59.467480, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 76 45 01 00 ....vE.. >[2012/08/30 15:27:59.467614, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x4576] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:59.467735, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:59.467861, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.467939, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22026 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.468711, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.469252, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.469385, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.469503, 3] smbd/process.c:1662(process_smb) > Transaction 266 of length 76 (0 toread) >[2012/08/30 15:27:59.469636, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.469698, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22090 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.471326, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 76 45 ED 03 ...vE.. >[2012/08/30 15:27:59.471455, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.471624, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.471745, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:59.471884, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.472046, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.472166, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:27:59.472285, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1005 call=7 total_data=0 >[2012/08/30 15:27:59.472404, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1005 max_data=24 >[2012/08/30 15:27:59.472523, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.472641, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.472759, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.472881, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:59.473004, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:59.473123, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:59.473240, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.473302, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22090 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:59.474811, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 44 00 ........ ......D. > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:59.475983, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.476150, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.476270, 3] smbd/process.c:1662(process_smb) > Transaction 267 of length 76 (0 toread) >[2012/08/30 15:27:59.476388, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.476449, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22154 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.479241, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 76 45 EC 03 ...vE.. >[2012/08/30 15:27:59.479396, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.479586, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.479721, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:59.479862, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.480002, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.480488, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:27:59.480608, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1004 call=7 total_data=0 >[2012/08/30 15:27:59.480729, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1004 max_data=40 >[2012/08/30 15:27:59.480847, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.480984, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.481103, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.481225, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:59.481343, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:59.481718, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:59.481836, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:59.481958, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.482019, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22154 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:59.483346, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0010] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:59.484371, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.484516, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.484652, 3] smbd/process.c:1662(process_smb) > Transaction 268 of length 76 (0 toread) >[2012/08/30 15:27:59.484770, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.484832, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22218 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.486637, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 76 45 FE 03 ...vE.. >[2012/08/30 15:27:59.486765, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.486884, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.487005, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:59.487345, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.487558, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.487689, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:27:59.487839, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1022 call=7 total_data=0 >[2012/08/30 15:27:59.487959, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1022 max_data=4094 >[2012/08/30 15:27:59.488109, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.488227, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.488345, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.488484, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:59.488608, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:59.488726, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:59.488873, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.488934, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22218 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:59.490414, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 44 00 ........ ......D. > [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:59.491222, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.491366, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.491484, 3] smbd/process.c:1662(process_smb) > Transaction 269 of length 76 (0 toread) >[2012/08/30 15:27:59.491611, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.491673, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22282 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.493405, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 76 45 EC 03 ...vE.. >[2012/08/30 15:27:59.493536, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.493659, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.493781, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:59.493915, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.494061, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:27:59.494182, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:27:59.494301, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsps6.dll (fnum = 17782) level=1004 call=7 total_data=0 >[2012/08/30 15:27:59.494423, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsps6.dll (fnum = 17782) level=1004 max_data=40 >[2012/08/30 15:27:59.494542, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsps6.dll >[2012/08/30 15:27:59.494666, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.494785, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.494909, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:59.495029, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:59.495391, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:59.495552, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:59.495695, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.495757, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22282 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:59.497251, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 9E A4 D2 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0010] CC E3 86 CD 01 9E A4 D2 2E 28 7B CD 01 9E A4 D2 ........ .({..... > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:59.498790, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:59.498947, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:59.499068, 3] smbd/process.c:1662(process_smb) > Transaction 270 of length 74 (0 toread) >[2012/08/30 15:27:59.499187, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.499249, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22346 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:59.502201, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:59.502335, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.502455, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.502577, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:59.502712, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:59.502845, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:59.502962, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:59.503080, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.503141, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22346 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:59.504525, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:59.504838, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:59.505908, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.506376, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.506499, 3] smbd/process.c:1662(process_smb) > Transaction 271 of length 63 (0 toread) >[2012/08/30 15:27:59.506618, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.506700, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22410 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17782 (0x4576) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=17408 (0x4400) > smb_vwv[ 6]=17408 (0x4400) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=17408 (0x4400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.508242, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.508469, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.508592, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.508719, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/cupsps6.dll >[2012/08/30 15:27:59.508859, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=17408 unlocked for fnum 17782 file x64/3/cupsps6.dll >[2012/08/30 15:27:59.511704, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/cupsps6.dll): pos = 0, size = 17408, returned 17408 >[2012/08/30 15:27:59.511840, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17782 max=17408 nread=17408 >[2012/08/30 15:27:59.515296, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:59.515481, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:59.515615, 3] smbd/process.c:1662(process_smb) > Transaction 272 of length 122 (0 toread) >[2012/08/30 15:27:59.515753, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.515815, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22474 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:59.517442, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u > [0020] 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C .p.s.u.i .6...d.l > [0030] 00 6C 00 00 00 .l... >[2012/08/30 15:27:59.517800, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.519706, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.519847, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:59.519976, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsui6.dll" >[2012/08/30 15:27:59.520103, 10] smbd/statcache.c:244(stat_cache_lookup) > stat_cache_lookup: lookup failed for name [X64/3/CUPSUI6.DLL] >[2012/08/30 15:27:59.520244, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3] -> [x64/3] >[2012/08/30 15:27:59.520369, 5] smbd/filename.c:416(unix_convert) > unix_convert begin: name = x64/3/cupsui6.dll, dirpath = x64/3, start = cupsui6.dll >[2012/08/30 15:27:59.520493, 5] smbd/statcache.c:143(stat_cache_add) > stat_cache_add: Added entry (7fd50c057150:size 11) X64/3/CUPSUI6.DLL -> x64/3/cupsui6.dll >[2012/08/30 15:27:59.520611, 5] smbd/filename.c:439(unix_convert) > conversion of base_name finished x64/3/cupsui6.dll -> x64/3/cupsui6.dll >[2012/08/30 15:27:59.520729, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.520859, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] >[2012/08/30 15:27:59.520977, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll >[2012/08/30 15:27:59.521095, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = cupsui6.dll >[2012/08/30 15:27:59.521231, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:59.521519, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:59.521644, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:59.521762, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:59.521928, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:59.522046, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = cupsui6.dll, attr = 22 >[2012/08/30 15:27:59.522164, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:59.522412, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c029190 now at offset -1 >[2012/08/30 15:27:59.522542, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.522664, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.522783, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.522935, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:59.523053, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[cupsui6.dll] found x64/3/cupsui6.dll fname=cupsui6.dll (cupsui6.dll) >[2012/08/30 15:27:59.523178, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:59.523296, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:59.523427, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:59.523621, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:59.523748, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:59.523867, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:59.523985, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.524047, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22474 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:59.525442, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0020] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... > [0030] 2E 28 7B CD 01 00 4C 00 00 00 00 00 00 00 00 10 .({...L. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p > [0070] 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C 00 6C .s.u.i.6 ...d.l.l > [0080] 00 . >[2012/08/30 15:27:59.533190, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=cupsui6.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:59.533840, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 118 >[2012/08/30 15:27:59.533972, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x76 >[2012/08/30 15:27:59.534091, 3] smbd/process.c:1662(process_smb) > Transaction 273 of length 122 (0 toread) >[2012/08/30 15:27:59.534209, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.534270, 5] lib/util.c:342(show_msg) > size=118 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22538 > smt_wct=15 > smb_vwv[ 0]= 50 (0x32) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 10 (0xA) > smb_vwv[ 3]=16384 (0x4000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 50 (0x32) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 1 (0x1) > smb_bcc=53 >[2012/08/30 15:27:59.536681, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 16 00 56 05 07 00 04 01 00 00 00 00 5C .....V.. .......\ > [0010] 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 00 75 .x.6.4.\ .3.\.c.u > [0020] 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C .p.s.u.i .6...d.l > [0030] 00 6C 00 00 00 .l... >[2012/08/30 15:27:59.537017, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.537136, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.537260, 3] smbd/trans2.c:2286(call_trans2findfirst) > call_trans2findfirst: dirtype = 16, maxentries = 1366, close_after_first=1, close_if_end = 1 requires_resume_key = 1 level = 0x104, max_data_bytes = 16384 >[2012/08/30 15:27:59.537387, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsui6.dll" >[2012/08/30 15:27:59.537509, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] >[2012/08/30 15:27:59.537643, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.537773, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] >[2012/08/30 15:27:59.537941, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll >[2012/08/30 15:27:59.538060, 5] smbd/trans2.c:2371(call_trans2findfirst) > dir=x64/3, mask = cupsui6.dll >[2012/08/30 15:27:59.538235, 5] smbd/dir.c:439(dptr_create) > dptr_create dir=x64/3 >[2012/08/30 15:27:59.538354, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3] [/var/lib/samba/printers] >[2012/08/30 15:27:59.538479, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3] -> [/var/lib/samba/printers/x64/3] >[2012/08/30 15:27:59.538597, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3 reduced to /var/lib/samba/printers/x64/3 >[2012/08/30 15:27:59.538726, 3] smbd/dir.c:578(dptr_create) > creating new dirptr 256 for path x64/3, expect_close = 1 >[2012/08/30 15:27:59.538844, 4] smbd/trans2.c:2439(call_trans2findfirst) > dptr_num is 256, wcard = cupsui6.dll, attr = 22 >[2012/08/30 15:27:59.538963, 8] smbd/trans2.c:2448(call_trans2findfirst) > dirpath=<x64/3> dontdescend=<> >[2012/08/30 15:27:59.539095, 6] smbd/dir.c:969(smbd_dirptr_get_entry) > smbd_dirptr_get_entry: dirptr 0x7fd50c014be0 now at offset -1 >[2012/08/30 15:27:59.539216, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.539451, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.539618, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.539752, 10] locking/locking.c:1026(fetch_share_mode_unlocked) > fetch_share_mode_unlocked: no share_mode record around (file not open) >[2012/08/30 15:27:59.539871, 3] smbd/dir.c:1041(smbd_dirptr_get_entry) > smbd_dirptr_get_entry mask=[cupsui6.dll] found x64/3/cupsui6.dll fname=cupsui6.dll (cupsui6.dll) >[2012/08/30 15:27:59.539995, 10] smbd/trans2.c:1572(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: space_remaining = 16384 >[2012/08/30 15:27:59.540126, 10] smbd/trans2.c:1721(smbd_marshall_dir_entry) > smbd_marshall_dir_entry: SMB_FIND_FILE_BOTH_DIRECTORY_INFO >[2012/08/30 15:27:59.540254, 5] smbd/trans2.c:2505(call_trans2findfirst) > call_trans2findfirst - (2) closing dptr_num 256 >[2012/08/30 15:27:59.540373, 4] smbd/dir.c:257(dptr_close_internal) > closing dptr key 256 >[2012/08/30 15:27:59.540500, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 10, data_sent_thistime = 116, useable_space = 131010 >[2012/08/30 15:27:59.540620, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 10, data_to_send = 116, paramsize = 10, datasize = 116 >[2012/08/30 15:27:59.540738, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.540800, 5] lib/util.c:342(show_msg) > size=184 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22538 > smt_wct=10 > smb_vwv[ 0]= 10 (0xA) > smb_vwv[ 1]= 116 (0x74) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 10 (0xA) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 116 (0x74) > smb_vwv[ 7]= 68 (0x44) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=129 >[2012/08/30 15:27:59.542353, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 FD FF 01 00 01 00 00 00 00 00 00 00 74 00 00 ........ .....t.. > [0010] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0020] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... > [0030] 2E 28 7B CD 01 00 4C 00 00 00 00 00 00 00 00 10 .({...L. ........ > [0040] 00 00 00 00 00 20 00 00 00 16 00 00 00 00 00 00 ..... .. ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 63 00 75 00 70 ........ ...c.u.p > [0070] 00 73 00 75 00 69 00 36 00 2E 00 64 00 6C 00 6C .s.u.i.6 ...d.l.l > [0080] 00 . >[2012/08/30 15:27:59.543177, 4] smbd/trans2.c:2549(call_trans2findfirst) > SMBtrans2 mask=cupsui6.dll directory=x64/3 dirtype=22 numentries=1 >[2012/08/30 15:27:59.544787, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:59.544947, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:59.545089, 3] smbd/process.c:1662(process_smb) > Transaction 274 of length 126 (0 toread) >[2012/08/30 15:27:59.545208, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.545271, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22602 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 256 (0x100) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:59.547620, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 .u.p.s.u .i.6...d > [0020] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:59.547888, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.548015, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.548259, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 root_dir_fid = 0x0, fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.548384, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsui6.dll" >[2012/08/30 15:27:59.548506, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] >[2012/08/30 15:27:59.548635, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.548765, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] >[2012/08/30 15:27:59.548882, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll >[2012/08/30 15:27:59.549001, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.549123, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x1, create_disposition = 0x1 create_options = 0x40 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.549251, 5] smbd/files.c:140(file_new) > allocated file structure 13687, fnum = 17783 (9 used) >[2012/08/30 15:27:59.549373, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cupsui6.dll hash 0x3ff5f0d4 >[2012/08/30 15:27:59.549493, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cupsui6.dll) returning 0744 >[2012/08/30 15:27:59.549621, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsui6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x1 create_disposition = 0x1 create_options=0x40 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.549777, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.549896, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.550015, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.550134, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsui6.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.550259, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.550399, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c057630 >[2012/08/30 15:27:59.550523, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23bac:0 >[2012/08/30 15:27:59.550643, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.550795, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.550917, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c057870 >[2012/08/30 15:27:59.551036, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.551154, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.551281, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cupsui6.dll, flags = 00 mode = 0744, fd = 43. >[2012/08/30 15:27:59.551399, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cupsui6.dll read=Yes write=No (numopen=8) >[2012/08/30 15:27:59.551595, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153929 >[2012/08/30 15:27:59.551717, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cupsui6.dll, 801:23bac:0/1302153929, tv_sec = 503fbebf, tv_usec = 86181 >[2012/08/30 15:27:59.551841, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.551979, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.552101, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.552227, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.552345, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.552462, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.552580, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.552717, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.552842, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.552977, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.553105, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.553230, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17783, open name = x64/3/cupsui6.dll >[2012/08/30 15:27:59.553917, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.554091, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.554209, 3] smbd/process.c:1662(process_smb) > Transaction 275 of length 76 (0 toread) >[2012/08/30 15:27:59.554327, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.554388, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22666 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 8 (0x8) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.556061, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 77 45 EE 03 ...wE.. >[2012/08/30 15:27:59.556193, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.556313, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.556436, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1006 >[2012/08/30 15:27:59.556571, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.556709, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.556830, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.556950, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17783) level=1006 call=7 total_data=0 >[2012/08/30 15:27:59.557070, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17783) level=1006 max_data=8 >[2012/08/30 15:27:59.557192, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.557310, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.557428, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.557716, 10] smbd/trans2.c:4615(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_INTERNAL_INFORMATION >[2012/08/30 15:27:59.557836, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 8, useable_space = 131010 >[2012/08/30 15:27:59.557966, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 8, paramsize = 2, datasize = 8 >[2012/08/30 15:27:59.558090, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.558151, 5] lib/util.c:342(show_msg) > size=68 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22666 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 8 (0x8) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 8 (0x8) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=13 >[2012/08/30 15:27:59.559552, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 AC 3B 02 00 00 00 00 00 ......;. ..... >[2012/08/30 15:27:59.561418, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.561930, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.562054, 3] smbd/process.c:1662(process_smb) > Transaction 276 of length 63 (0 toread) >[2012/08/30 15:27:59.562173, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.562239, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=59399 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22730 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17783 (0x4577) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 4096 (0x1000) > smb_vwv[ 6]= 4096 (0x1000) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4096 (0x1000) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.564315, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.564386, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.564509, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.564635, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.564754, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=4096 unlocked for fnum 17783 file x64/3/cupsui6.dll >[2012/08/30 15:27:59.564899, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/cupsui6.dll): pos = 0, size = 4096, returned 4096 >[2012/08/30 15:27:59.565025, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17783 max=4096 nread=4096 >[2012/08/30 15:27:59.571606, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:59.571801, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:59.571937, 3] smbd/process.c:1662(process_smb) > Transaction 277 of length 45 (0 toread) >[2012/08/30 15:27:59.572056, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.572117, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22794 > smt_wct=3 > smb_vwv[ 0]=17783 (0x4577) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:59.573106, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.573178, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.573298, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.573434, 3] smbd/reply.c:4848(reply_close) > close fd=43 fnum=17783 (numopen=8) >[2012/08/30 15:27:59.573951, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:59.574090, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153929 has kernel oplock state of 1. >[2012/08/30 15:27:59.574249, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.574378, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c059130 >[2012/08/30 15:27:59.574496, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.574650, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x1, private_options = 0x0, access_mask = 0x20089, mid = 0x584a, type= 0x3, gen_id = 1302153929, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.574772, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.574903, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.575050, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cupsui6.dll = 0 >[2012/08/30 15:27:59.575169, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cupsui6.dll >[2012/08/30 15:27:59.575295, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cupsui6.dll (numopen=7) NT_STATUS_OK >[2012/08/30 15:27:59.575418, 5] smbd/files.c:482(file_free) > freed files structure 17783 (8 used) >[2012/08/30 15:27:59.575573, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.575646, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22794 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.576456, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.577318, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:59.577488, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:59.577610, 3] smbd/process.c:1662(process_smb) > Transaction 278 of length 126 (0 toread) >[2012/08/30 15:27:59.577753, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.577815, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22858 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 768 (0x300) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 0 (0x0) > smb_vwv[20]= 0 (0x0) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:59.580089, 10] ../lib/util/util.c:415(dump_data) > [0000] FF 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 .u.p.s.u .i.6...d > [0020] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:59.580366, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.580485, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.580609, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 root_dir_fid = 0x0, fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.580751, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsui6.dll" >[2012/08/30 15:27:59.580879, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] >[2012/08/30 15:27:59.581003, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.581152, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] >[2012/08/30 15:27:59.581269, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll >[2012/08/30 15:27:59.581547, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.581683, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x3, create_disposition = 0x1 create_options = 0x0 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.581808, 5] smbd/files.c:140(file_new) > allocated file structure 13688, fnum = 17784 (9 used) >[2012/08/30 15:27:59.581934, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cupsui6.dll hash 0x3ff5f0d4 >[2012/08/30 15:27:59.582057, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cupsui6.dll) returning 0744 >[2012/08/30 15:27:59.582176, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsui6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x3 create_disposition = 0x1 create_options=0x0 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.582318, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.582455, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.582573, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.582709, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsui6.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.582834, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.582978, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c057630 >[2012/08/30 15:27:59.583106, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23bac:0 >[2012/08/30 15:27:59.583248, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.583382, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.583557, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c057870 >[2012/08/30 15:27:59.583686, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.583805, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.583964, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cupsui6.dll, flags = 00 mode = 0744, fd = 43. >[2012/08/30 15:27:59.584083, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cupsui6.dll read=Yes write=No (numopen=8) >[2012/08/30 15:27:59.584208, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153930 >[2012/08/30 15:27:59.584330, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cupsui6.dll, 801:23bac:0/1302153930, tv_sec = 503fbebf, tv_usec = 8e0af >[2012/08/30 15:27:59.584453, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.584604, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x594a, type= 0x3, gen_id = 1302153930, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.584727, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.584852, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.584972, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.585090, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.585208, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.585347, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.585543, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.585679, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x594a, type= 0x3, gen_id = 1302153930, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.585823, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.585944, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17784, open name = x64/3/cupsui6.dll >[2012/08/30 15:27:59.586828, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:59.586991, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:59.587110, 3] smbd/process.c:1662(process_smb) > Transaction 279 of length 45 (0 toread) >[2012/08/30 15:27:59.587228, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.587292, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22922 > smt_wct=3 > smb_vwv[ 0]=17784 (0x4578) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:59.588359, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.588463, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.588601, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.588721, 3] smbd/reply.c:4848(reply_close) > close fd=43 fnum=17784 (numopen=8) >[2012/08/30 15:27:59.588843, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:59.588995, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153930 has kernel oplock state of 1. >[2012/08/30 15:27:59.589152, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.589282, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c059130 >[2012/08/30 15:27:59.589423, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.589562, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x3, private_options = 0x0, access_mask = 0x20089, mid = 0x594a, type= 0x3, gen_id = 1302153930, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.589684, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.589804, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.589945, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cupsui6.dll = 0 >[2012/08/30 15:27:59.590071, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cupsui6.dll >[2012/08/30 15:27:59.590196, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cupsui6.dll (numopen=7) NT_STATUS_OK >[2012/08/30 15:27:59.590321, 5] smbd/files.c:482(file_free) > freed files structure 17784 (8 used) >[2012/08/30 15:27:59.590442, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.590504, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=22922 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.591308, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.592111, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 122 >[2012/08/30 15:27:59.592269, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x7a >[2012/08/30 15:27:59.592390, 3] smbd/process.c:1662(process_smb) > Transaction 280 of length 126 (0 toread) >[2012/08/30 15:27:59.592510, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.592576, 5] lib/util.c:342(show_msg) > size=122 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=22986 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 9216 (0x2400) > smb_vwv[ 3]= 5632 (0x1600) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=35072 (0x8900) > smb_vwv[ 8]= 512 (0x200) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1280 (0x500) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]= 1024 (0x400) > smb_vwv[20]= 8192 (0x2000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=39 >[2012/08/30 15:27:59.594944, 10] ../lib/util/util.c:415(dump_data) > [0000] FF 5C 00 78 00 36 00 34 00 5C 00 33 00 5C 00 63 .\.x.6.4 .\.3.\.c > [0010] 00 75 00 70 00 73 00 75 00 69 00 36 00 2E 00 64 .u.p.s.u .i.6...d > [0020] 00 6C 00 6C 00 00 00 .l.l... >[2012/08/30 15:27:59.595219, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.595341, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.595465, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x16, access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 root_dir_fid = 0x0, fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.595638, 5] smbd/filename.c:257(unix_convert) > unix_convert called on file "x64/3/cupsui6.dll" >[2012/08/30 15:27:59.595761, 10] smbd/statcache.c:283(stat_cache_lookup) > stat_cache_lookup: lookup succeeded for name [X64/3/CUPSUI6.DLL] -> [x64/3/cupsui6.dll] >[2012/08/30 15:27:59.595885, 3] smbd/vfs.c:905(check_reduced_name) > check_reduced_name [x64/3/cupsui6.dll] [/var/lib/samba/printers] >[2012/08/30 15:27:59.596031, 10] smbd/vfs.c:969(check_reduced_name) > check_reduced_name realpath [x64/3/cupsui6.dll] -> [/var/lib/samba/printers/x64/3/cupsui6.dll] >[2012/08/30 15:27:59.596149, 3] smbd/vfs.c:1039(check_reduced_name) > check_reduced_name: x64/3/cupsui6.dll reduced to /var/lib/samba/printers/x64/3/cupsui6.dll >[2012/08/30 15:27:59.596266, 10] smbd/open.c:3607(create_file_default) > create_file: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 root_dir_fid = 0x0, ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.596391, 10] smbd/open.c:3127(create_file_unixpath) > create_file_unixpath: access_mask = 0x20089 file_attributes = 0x0, share_access = 0x5, create_disposition = 0x1 create_options = 0x200004 oplock_request = 0x3 private_flags = 0x0 ea_list = 0x(nil), sd = 0x(nil), fname = x64/3/cupsui6.dll >[2012/08/30 15:27:59.596515, 5] smbd/files.c:140(file_new) > allocated file structure 13689, fnum = 17785 (9 used) >[2012/08/30 15:27:59.596637, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /var/lib/samba/printers/x64/3/cupsui6.dll hash 0x3ff5f0d4 >[2012/08/30 15:27:59.596756, 3] smbd/dosmode.c:159(unix_mode) > unix_mode(x64/3/cupsui6.dll) returning 0744 >[2012/08/30 15:27:59.596877, 10] smbd/open.c:1605(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsui6.dll, dos_attrs=0x0 access_mask=0x20089 share_access=0x5 create_disposition = 0x1 create_options=0x200004 unix mode=0744 oplock_request=3 private_flags = 0x0 >[2012/08/30 15:27:59.596998, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.597125, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.597279, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.597399, 10] smbd/open.c:1778(open_file_ntcreate) > open_file_ntcreate: fname=x64/3/cupsui6.dll, after mapping access_mask=0x20089 >[2012/08/30 15:27:59.597524, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.597654, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c057630 >[2012/08/30 15:27:59.597770, 10] locking/brlock.c:1814(brl_get_locks_internal) > brl_get_locks_internal: 0 current locks on file_id 801:23bac:0 >[2012/08/30 15:27:59.597890, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.598024, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:27:59.598145, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c057870 >[2012/08/30 15:27:59.598262, 10] smbd/open.c:1163(grant_fsp_oplock_type) > grant_fsp_oplock_type: oplock type 0x3 on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.598383, 4] smbd/open.c:2069(open_file_ntcreate) > calling open_file with flags=0x0 flags2=0x0 mode=0744, access_mask = 0x20089, open_access_mask = 0x20089 >[2012/08/30 15:27:59.598510, 10] smbd/open.c:189(fd_open) > fd_open: name x64/3/cupsui6.dll, flags = 00 mode = 0744, fd = 43. >[2012/08/30 15:27:59.598628, 2] smbd/open.c:704(open_file) > administrator opened file x64/3/cupsui6.dll read=Yes write=No (numopen=8) >[2012/08/30 15:27:59.598754, 3] smbd/oplock_linux.c:142(linux_set_kernel_oplock) > linux_set_kernel_oplock: got kernel oplock on file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153931 >[2012/08/30 15:27:59.598875, 5] smbd/oplock.c:92(set_file_oplock) > set_file_oplock: granted oplock on file x64/3/cupsui6.dll, 801:23bac:0/1302153931, tv_sec = 503fbebf, tv_usec = 91a21 >[2012/08/30 15:27:59.598998, 10] locking/locking.c:801(unparse_share_modes) > unparse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num: 1 >[2012/08/30 15:27:59.599152, 10] locking/locking.c:536(print_share_mode_table) > print_share_mode_table: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.599274, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:27:59.599399, 10] smbd/open.c:3419(create_file_unixpath) > create_file_unixpath: info=1 >[2012/08/30 15:27:59.599554, 10] smbd/open.c:3695(create_file_default) > create_file: info=1 >[2012/08/30 15:27:59.599682, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.599802, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.599919, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.600042, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.600193, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.600319, 10] smbd/file_access.c:204(can_access_file_data) > can_access_file_data: requesting 0x2 on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.600437, 5] smbd/nttrans.c:725(reply_ntcreate_and_X) > reply_ntcreate_and_X: fnum = 17785, open name = x64/3/cupsui6.dll >[2012/08/30 15:27:59.601437, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 86 >[2012/08/30 15:27:59.601582, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x56 >[2012/08/30 15:27:59.601721, 3] smbd/process.c:1662(process_smb) > Transaction 281 of length 90 (0 toread) >[2012/08/30 15:27:59.601845, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.601907, 5] lib/util.c:342(show_msg) > size=86 > smb_com=0xa0 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23050 > smt_wct=23 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 512 (0x200) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]=21504 (0x5400) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 512 (0x200) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]=21504 (0x5400) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 1024 (0x400) > smb_vwv[18]= 2 (0x2) > smb_vwv[19]= 452 (0x1C4) > smb_vwv[20]= 20 (0x14) > smb_vwv[21]=17785 (0x4579) > smb_vwv[22]= 1 (0x1) > smb_bcc=5 >[2012/08/30 15:27:59.604079, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 07 16 ..... >[2012/08/30 15:27:59.604210, 3] smbd/process.c:1467(switch_message) > switch message SMBnttrans (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.604329, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.604469, 10] smbd/nttrans.c:3108(reply_nttrans) > num_setup=8, param_total=0, this_param=0, max_param=0, data_total=2, this_data=2, max_data=0, param_offset=84, data_offset=84 >[2012/08/30 15:27:59.604590, 10] smbd/nttrans.c:3180(reply_nttrans) > reply_nttrans: state->setup_count = 8 >[2012/08/30 15:27:59.604708, 10] ../lib/util/util.c:415(dump_data) > [0000] C4 01 14 00 79 45 01 00 ....yE.. >[2012/08/30 15:27:59.604852, 10] smbd/nttrans.c:2481(call_nt_transact_ioctl) > call_nt_transact_ioctl: function[0x001401C4] FID[0x4579] isFSctl[0x01] compfilter[0x00] >[2012/08/30 15:27:59.605126, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/nttrans.c(2514) cmd=160 (SMBnttrans) NT_STATUS_NOT_SUPPORTED >[2012/08/30 15:27:59.605248, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.605314, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0xa0 > smb_rcls=187 > smb_reh=0 > smb_err=49152 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23050 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:59.606114, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.611046, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.611249, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.611369, 3] smbd/process.c:1662(process_smb) > Transaction 282 of length 76 (0 toread) >[2012/08/30 15:27:59.612331, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.612403, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23114 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.614028, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 79 45 ED 03 ...yE.. >[2012/08/30 15:27:59.614176, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.614295, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.614418, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1005 >[2012/08/30 15:27:59.614576, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.614717, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.614839, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.614975, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1005 call=7 total_data=0 >[2012/08/30 15:27:59.615095, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1005 max_data=24 >[2012/08/30 15:27:59.615213, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.615349, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.615467, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.615629, 10] smbd/trans2.c:4473(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STANDARD_INFORMATION >[2012/08/30 15:27:59.615749, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:59.615868, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:59.615988, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.616049, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23114 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:59.617393, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 10 00 00 00 00 00 00 4C 00 ........ ......L. > [0010] 00 00 00 00 00 01 00 00 00 00 00 00 00 ........ ..... >[2012/08/30 15:27:59.618542, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.618684, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.618806, 3] smbd/process.c:1662(process_smb) > Transaction 283 of length 76 (0 toread) >[2012/08/30 15:27:59.618925, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.618986, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23178 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.620654, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 79 45 EC 03 ...yE.. >[2012/08/30 15:27:59.620789, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.620907, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.621030, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:59.621160, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.621304, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.621428, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.621546, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1004 call=7 total_data=0 >[2012/08/30 15:27:59.621665, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1004 max_data=40 >[2012/08/30 15:27:59.621823, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.621941, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.622059, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.622197, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:59.622315, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:59.622679, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:59.623029, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:59.623156, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.623221, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23178 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:59.624667, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0010] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:59.625833, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.626035, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.626160, 3] smbd/process.c:1662(process_smb) > Transaction 284 of length 76 (0 toread) >[2012/08/30 15:27:59.626357, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.626448, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23242 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 4094 (0xFFE) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.628268, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 79 45 FE 03 ...yE.. >[2012/08/30 15:27:59.628423, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.628543, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.628684, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1022 >[2012/08/30 15:27:59.629254, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.629440, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.629722, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.629860, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1022 call=7 total_data=0 >[2012/08/30 15:27:59.629985, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1022 max_data=4094 >[2012/08/30 15:27:59.630137, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.630256, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.630392, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.630544, 10] smbd/trans2.c:4675(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_STREAM_INFORMATION >[2012/08/30 15:27:59.630696, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 38, useable_space = 131010 >[2012/08/30 15:27:59.630817, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 38, paramsize = 2, datasize = 38 >[2012/08/30 15:27:59.630946, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.631013, 5] lib/util.c:342(show_msg) > size=98 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23242 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 38 (0x26) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 38 (0x26) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=43 >[2012/08/30 15:27:59.632555, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 00 00 00 0E 00 00 00 00 4C 00 ........ ......L. > [0010] 00 00 00 00 00 00 00 10 00 00 00 00 00 3A 00 3A ........ .....:.: > [0020] 00 24 00 44 00 41 00 54 00 41 00 .$.D.A.T .A. >[2012/08/30 15:27:59.633504, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:59.634155, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:59.634284, 3] smbd/process.c:1662(process_smb) > Transaction 285 of length 76 (0 toread) >[2012/08/30 15:27:59.634402, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.634481, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23306 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 40 (0x28) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:59.636590, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 79 45 EC 03 ...yE.. >[2012/08/30 15:27:59.636728, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.636864, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.636985, 3] smbd/trans2.c:5026(call_trans2qfilepathinfo) > call_trans2qfilepathinfo: TRANSACT2_QFILEINFO: level = 1004 >[2012/08/30 15:27:59.637136, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:27:59.637285, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.637406, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:27:59.637538, 3] smbd/trans2.c:5255(call_trans2qfilepathinfo) > call_trans2qfilepathinfo x64/3/cupsui6.dll (fnum = 17785) level=1004 call=7 total_data=0 >[2012/08/30 15:27:59.637658, 5] smbd/trans2.c:4223(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: x64/3/cupsui6.dll (fnum = 17785) level=1004 max_data=40 >[2012/08/30 15:27:59.637838, 8] smbd/dosmode.c:621(dos_mode) > dos_mode: x64/3/cupsui6.dll >[2012/08/30 15:27:59.637981, 8] smbd/dosmode.c:199(dos_mode_from_sbuf) > dos_mode_from_sbuf returning a >[2012/08/30 15:27:59.638099, 8] smbd/dosmode.c:672(dos_mode) > dos_mode returning a >[2012/08/30 15:27:59.638255, 10] smbd/trans2.c:4452(smbd_do_qfilepathinfo) > smbd_do_qfilepathinfo: SMB_FILE_BASIC_INFORMATION >[2012/08/30 15:27:59.638379, 5] smbd/trans2.c:4462(smbd_do_qfilepathinfo) > SMB_QFBI - create: Wed Aug 15 16:54:38 2012 > access: Thu Aug 30 15:15:20 2012 > write: Wed Aug 15 16:54:38 2012 > change: Wed Aug 15 16:54:38 2012 > mode: 20 >[2012/08/30 15:27:59.638742, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 40, useable_space = 131010 >[2012/08/30 15:27:59.638890, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 40, paramsize = 2, datasize = 40 >[2012/08/30 15:27:59.639142, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.639206, 5] lib/util.c:342(show_msg) > size=100 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23306 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 40 (0x28) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 40 (0x28) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=45 >[2012/08/30 15:27:59.640672, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 1B FE D3 2E 28 7B CD 01 68 FE 25 ........ .({..h.% > [0010] CC E3 86 CD 01 1B FE D3 2E 28 7B CD 01 1B FE D3 ........ .({..... > [0020] 2E 28 7B CD 01 20 00 00 00 00 00 00 00 .({.. .. ..... >[2012/08/30 15:27:59.642117, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 70 >[2012/08/30 15:27:59.642276, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x46 >[2012/08/30 15:27:59.642413, 3] smbd/process.c:1662(process_smb) > Transaction 286 of length 74 (0 toread) >[2012/08/30 15:27:59.642534, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.642596, 5] lib/util.c:342(show_msg) > size=70 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23370 > smt_wct=15 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 560 (0x230) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 2 (0x2) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 3 (0x3) > smb_bcc=5 >[2012/08/30 15:27:59.644297, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 05 01 ..... >[2012/08/30 15:27:59.644426, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.644547, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.644693, 3] smbd/trans2.c:3507(call_trans2qfsinfo) > call_trans2qfsinfo: level = 261 >[2012/08/30 15:27:59.644833, 3] smbd/trans2.c:2945(smbd_do_qfsinfo) > smbd_do_qfsinfo: level = 261 >[2012/08/30 15:27:59.644984, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 0, data_sent_thistime = 20, useable_space = 131012 >[2012/08/30 15:27:59.645103, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 0, data_to_send = 20, paramsize = 0, datasize = 20 >[2012/08/30 15:27:59.645238, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.645299, 5] lib/util.c:342(show_msg) > size=76 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=292 > smb_uid=100 > smb_mid=23370 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 20 (0x14) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 20 (0x14) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=21 >[2012/08/30 15:27:59.646760, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 2F 00 01 00 FF 00 00 00 08 00 00 00 4E 00 54 ./...... .....N.T > [0010] 00 46 00 53 00 .F.S. >[2012/08/30 15:27:59.647057, 4] smbd/trans2.c:3523(call_trans2qfsinfo) > SMBtrans2 info_level = 261 >[2012/08/30 15:27:59.647898, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:59.648058, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:59.648177, 3] smbd/process.c:1662(process_smb) > Transaction 287 of length 63 (0 toread) >[2012/08/30 15:27:59.648312, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:59.648374, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23434 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17785 (0x4579) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=19456 (0x4C00) > smb_vwv[ 6]=19456 (0x4C00) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]=19456 (0x4C00) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:59.650068, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:59.650140, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:27:59.650338, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:59.650481, 10] locking/locking.c:121(strict_lock_default) > is_locked: optimisation - exclusive oplock on file x64/3/cupsui6.dll >[2012/08/30 15:27:59.650600, 10] locking/locking.c:163(strict_lock_default) > strict_lock_default: flavour = WINDOWS_LOCK brl start=0 len=19456 unlocked for fnum 17785 file x64/3/cupsui6.dll >[2012/08/30 15:27:59.650760, 10] smbd/fileio.c:109(read_file) > read_file (x64/3/cupsui6.dll): pos = 0, size = 19456, returned 19456 >[2012/08/30 15:27:59.650893, 3] smbd/reply.c:3702(send_file_readX) > send_file_readX fnum=17785 max=19456 nread=19456 >[2012/08/30 15:28:00.868140, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:28:00.868377, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:28:00.868506, 3] smbd/process.c:1662(process_smb) > Transaction 288 of length 132 (0 toread) >[2012/08/30 15:28:00.868646, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:00.868709, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=23498 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 4136 (0x1028) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17758 (0x455E) > smb_bcc=61 >[2012/08/30 15:28:00.870687, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 32 00 00 ........ .....2.. > [0030] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 .....?P. ..... >[2012/08/30 15:28:00.871034, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:28:00.871161, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:00.871303, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:28:00.874674, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:28:00.875104, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:28:00.875231, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2012/08/30 15:28:00.875361, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:28:00.875482, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:28:00.875626, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:28:00.875745, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:28:00.875863, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455e) >[2012/08/30 15:28:00.875982, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 4136 >[2012/08/30 15:28:00.879187, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:28:00.879343, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:28:00.879464, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:28:00.879657, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:28:00.879821, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:28:00.880862, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:28:00.881034, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:28:00.881155, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:28:00.881315, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:28:00.881434, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:28:00.881554, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:28:00.881680, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:28:00.894560, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:28:00.894731, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:28:00.894883, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:28:00.895038, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:28:00.895187, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:28:00.895338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000032-0000-0000-3f50-b9beee0b0000 >[2012/08/30 15:28:00.896630, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:28:00.896874, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:28:00.897087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 32 00 00 00 00 00 00 00 3F 50 B9 BE ....2... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:28:00.897374, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:28:00.897521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:28:00.898087, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:28:00.898186, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:28:00.898437, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 4136 >[2012/08/30 15:28:00.898588, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:28:00.898755, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:28:00.900231, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:28:00.900360, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:28:00.900764, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:28:00.900886, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:00.900948, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=23498 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:28:00.902489, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . >[2012/08/30 15:28:00.905692, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:00.905889, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:00.906017, 3] smbd/process.c:1662(process_smb) > Transaction 289 of length 45 (0 toread) >[2012/08/30 15:28:00.906216, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:00.906283, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=23562 > smt_wct=3 > smb_vwv[ 0]=17758 (0x455E) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:00.907270, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:00.907418, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:28:00.907564, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:28:00.907697, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17758 (numopen=1) >[2012/08/30 15:28:00.907949, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:00.908100, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \spoolss >[2012/08/30 15:28:00.908232, 5] smbd/files.c:482(file_free) > freed files structure 17758 (8 used) >[2012/08/30 15:28:00.908384, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:00.908447, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=23562 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:00.909242, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.283599, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:09.283862, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:09.283988, 3] smbd/process.c:1662(process_smb) > Transaction 290 of length 45 (0 toread) >[2012/08/30 15:28:09.284110, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.284174, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23626 > smt_wct=3 > smb_vwv[ 0]=17764 (0x4564) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:09.288608, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.288696, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:09.288827, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:09.289062, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:28:09.296952, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:28:09.297565, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:28:09.297691, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/lib/samba/printers >[2012/08/30 15:28:09.297818, 3] smbd/reply.c:4848(reply_close) > close fd=36 fnum=17764 (numopen=8) >[2012/08/30 15:28:09.297936, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:09.298228, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript5.dll, file_id = 801:23ba5:0 gen_id = 1302153910 has kernel oplock state of 1. >[2012/08/30 15:28:09.298375, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A53B >[2012/08/30 15:28:09.298508, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c059190 >[2012/08/30 15:28:09.298629, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:09.298771, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x2c40, type= 0x3, gen_id = 1302153910, uid = 10000, flags = 0, file_id 801:23ba5:0, name_hash = 0xdec2eda5 >[2012/08/30 15:28:09.298894, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xdec2eda5 >[2012/08/30 15:28:09.299019, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A53B >[2012/08/30 15:28:09.299152, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript5.dll = 0 >[2012/08/30 15:28:09.302748, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript5.dll >[2012/08/30 15:28:09.303040, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript5.dll (numopen=7) NT_STATUS_OK >[2012/08/30 15:28:09.303292, 5] smbd/files.c:482(file_free) > freed files structure 17764 (7 used) >[2012/08/30 15:28:09.303533, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.313899, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23626 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:09.315015, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.317434, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:09.317617, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:09.317759, 3] smbd/process.c:1662(process_smb) > Transaction 291 of length 45 (0 toread) >[2012/08/30 15:28:09.317878, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.317940, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23690 > smt_wct=3 > smb_vwv[ 0]=17767 (0x4567) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:09.319254, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.319328, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:09.319451, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:28:09.320365, 3] smbd/reply.c:4848(reply_close) > close fd=37 fnum=17767 (numopen=7) >[2012/08/30 15:28:09.320526, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:09.320707, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/HP_4515.ppd, file_id = 801:23ba6:0 gen_id = 1302153913 has kernel oplock state of 1. >[2012/08/30 15:28:09.320882, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A63B >[2012/08/30 15:28:09.321042, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d230 >[2012/08/30 15:28:09.321191, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:09.321358, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3440, type= 0x3, gen_id = 1302153913, uid = 10000, flags = 0, file_id 801:23ba6:0, name_hash = 0xcfec0173 >[2012/08/30 15:28:09.321507, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xcfec0173 >[2012/08/30 15:28:09.321653, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A63B >[2012/08/30 15:28:09.321805, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/HP_4515.ppd = 0 >[2012/08/30 15:28:09.322127, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/HP_4515.ppd >[2012/08/30 15:28:09.322278, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/HP_4515.ppd (numopen=6) NT_STATUS_OK >[2012/08/30 15:28:09.322420, 5] smbd/files.c:482(file_free) > freed files structure 17767 (6 used) >[2012/08/30 15:28:09.322561, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.322640, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23690 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:09.323556, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.325122, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:09.325297, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:09.325483, 3] smbd/process.c:1662(process_smb) > Transaction 292 of length 45 (0 toread) >[2012/08/30 15:28:09.325619, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.325694, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23754 > smt_wct=3 > smb_vwv[ 0]=17770 (0x456A) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:09.326893, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.327007, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:09.327138, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:28:09.327269, 3] smbd/reply.c:4848(reply_close) > close fd=38 fnum=17770 (numopen=6) >[2012/08/30 15:28:09.327398, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:09.327573, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/ps5ui.dll, file_id = 801:23ba7:0 gen_id = 1302153916 has kernel oplock state of 1. >[2012/08/30 15:28:09.327720, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A73B >[2012/08/30 15:28:09.327865, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c04ae10 >[2012/08/30 15:28:09.327983, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:09.328119, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x3840, type= 0x3, gen_id = 1302153916, uid = 10000, flags = 0, file_id 801:23ba7:0, name_hash = 0xe1875e7e >[2012/08/30 15:28:09.328303, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0xe1875e7e >[2012/08/30 15:28:09.328431, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A73B >[2012/08/30 15:28:09.328622, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/ps5ui.dll = 0 >[2012/08/30 15:28:09.328750, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/ps5ui.dll >[2012/08/30 15:28:09.328875, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/ps5ui.dll (numopen=5) NT_STATUS_OK >[2012/08/30 15:28:09.328996, 5] smbd/files.c:482(file_free) > freed files structure 17770 (5 used) >[2012/08/30 15:28:09.329117, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.329178, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23754 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:09.330221, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.331304, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:09.331471, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:09.331624, 3] smbd/process.c:1662(process_smb) > Transaction 293 of length 45 (0 toread) >[2012/08/30 15:28:09.332009, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.332095, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23818 > smt_wct=3 > smb_vwv[ 0]=17773 (0x456D) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:09.335295, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.335403, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:09.335584, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:28:09.335821, 3] smbd/reply.c:4848(reply_close) > close fd=39 fnum=17773 (numopen=5) >[2012/08/30 15:28:09.335947, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:09.336086, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript.hlp, file_id = 801:23ba8:0 gen_id = 1302153919 has kernel oplock state of 1. >[2012/08/30 15:28:09.336229, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A83B >[2012/08/30 15:28:09.336360, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d230 >[2012/08/30 15:28:09.336518, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:09.336670, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x41ca, type= 0x3, gen_id = 1302153919, uid = 10000, flags = 0, file_id 801:23ba8:0, name_hash = 0x5179febe >[2012/08/30 15:28:09.336794, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x5179febe >[2012/08/30 15:28:09.336919, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A83B >[2012/08/30 15:28:09.337052, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript.hlp = 0 >[2012/08/30 15:28:09.337175, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript.hlp >[2012/08/30 15:28:09.337307, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript.hlp (numopen=4) NT_STATUS_OK >[2012/08/30 15:28:09.337435, 5] smbd/files.c:482(file_free) > freed files structure 17773 (4 used) >[2012/08/30 15:28:09.337570, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.337633, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23818 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:09.338620, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.340633, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:09.340866, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:09.341003, 3] smbd/process.c:1662(process_smb) > Transaction 294 of length 45 (0 toread) >[2012/08/30 15:28:09.341284, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.341361, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23882 > smt_wct=3 > smb_vwv[ 0]=17776 (0x4570) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:09.342397, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:09.342493, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:09.342624, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:28:09.342756, 3] smbd/reply.c:4848(reply_close) > close fd=40 fnum=17776 (numopen=4) >[2012/08/30 15:28:09.342886, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:09.343036, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/pscript.ntf, file_id = 801:23ba9:0 gen_id = 1302153922 has kernel oplock state of 1. >[2012/08/30 15:28:09.343184, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000A93B >[2012/08/30 15:28:09.343321, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d230 >[2012/08/30 15:28:09.343440, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:09.343679, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x45ca, type= 0x3, gen_id = 1302153922, uid = 10000, flags = 0, file_id 801:23ba9:0, name_hash = 0x7d40e663 >[2012/08/30 15:28:09.343874, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x7d40e663 >[2012/08/30 15:28:09.344018, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000A93B >[2012/08/30 15:28:09.344150, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/pscript.ntf = 0 >[2012/08/30 15:28:09.344272, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/pscript.ntf >[2012/08/30 15:28:09.344437, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/pscript.ntf (numopen=3) NT_STATUS_OK >[2012/08/30 15:28:09.344559, 5] smbd/files.c:482(file_free) > freed files structure 17776 (3 used) >[2012/08/30 15:28:09.344700, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:09.344763, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23882 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:09.345609, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.265332, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:15.265569, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:15.265691, 3] smbd/process.c:1662(process_smb) > Transaction 295 of length 45 (0 toread) >[2012/08/30 15:28:15.265815, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.265901, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23946 > smt_wct=3 > smb_vwv[ 0]=17779 (0x4573) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:15.266876, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.266942, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:15.267062, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:28:15.267183, 3] smbd/reply.c:4848(reply_close) > close fd=41 fnum=17779 (numopen=3) >[2012/08/30 15:28:15.267301, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:15.267437, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cups6.ini, file_id = 801:23baa:0 gen_id = 1302153925 has kernel oplock state of 1. >[2012/08/30 15:28:15.267628, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AA3B >[2012/08/30 15:28:15.267764, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d220 >[2012/08/30 15:28:15.267922, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Thu Aug 30 15:15:20 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:15.268060, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x51ca, type= 0x3, gen_id = 1302153925, uid = 10000, flags = 0, file_id 801:23baa:0, name_hash = 0x3d0916cb >[2012/08/30 15:28:15.268185, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3d0916cb >[2012/08/30 15:28:15.268311, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AA3B >[2012/08/30 15:28:15.268438, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cups6.ini = 0 >[2012/08/30 15:28:15.268575, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cups6.ini >[2012/08/30 15:28:15.268701, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cups6.ini (numopen=2) NT_STATUS_OK >[2012/08/30 15:28:15.268825, 5] smbd/files.c:482(file_free) > freed files structure 17779 (2 used) >[2012/08/30 15:28:15.269129, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.269203, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=23946 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:15.270506, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.272280, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 35 >[2012/08/30 15:28:15.272463, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x23 >[2012/08/30 15:28:15.272582, 3] smbd/process.c:1662(process_smb) > Transaction 296 of length 39 (0 toread) >[2012/08/30 15:28:15.272701, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.272762, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=24010 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:15.273793, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.273864, 3] smbd/process.c:1467(switch_message) > switch message SMBtdis (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:28:15.273983, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:15.274101, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:28:15.274219, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:28:15.274421, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:28:15.274562, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2012/08/30 15:28:15.274719, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:15.274838, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:28:15.274954, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:28:15.275130, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:28:15.275251, 3] smbd/service.c:1378(close_cnum) > panama (192.168.30.50) closed connection to service IPC$ >[2012/08/30 15:28:15.275375, 3] smbd/connection.c:35(yield_connection) > Yielding connection to IPC$ >[2012/08/30 15:28:15.275535, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:28:15.275682, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d150 >[2012/08/30 15:28:15.275864, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:28:15.276162, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to / >[2012/08/30 15:28:15.276291, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:15.276410, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:28:15.276532, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:28:15.276716, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:28:15.276885, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.276949, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=24010 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:15.277729, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.280728, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:15.280922, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:15.281084, 3] smbd/process.c:1662(process_smb) > Transaction 297 of length 45 (0 toread) >[2012/08/30 15:28:15.281202, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.281263, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=24074 > smt_wct=3 > smb_vwv[ 0]=17782 (0x4576) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:15.282301, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.282366, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:15.282489, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:15.282608, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:28:15.287780, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:28:15.288210, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:28:15.288335, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /var/lib/samba/printers >[2012/08/30 15:28:15.288461, 3] smbd/reply.c:4848(reply_close) > close fd=42 fnum=17782 (numopen=2) >[2012/08/30 15:28:15.288578, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:15.288713, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cupsps6.dll, file_id = 801:23bab:0 gen_id = 1302153928 has kernel oplock state of 1. >[2012/08/30 15:28:15.289895, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AB3B >[2012/08/30 15:28:15.290045, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d290 >[2012/08/30 15:28:15.290167, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:15.290305, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x55ca, type= 0x3, gen_id = 1302153928, uid = 10000, flags = 0, file_id 801:23bab:0, name_hash = 0x8e4b266b >[2012/08/30 15:28:15.290444, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x8e4b266b >[2012/08/30 15:28:15.290572, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AB3B >[2012/08/30 15:28:15.290701, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cupsps6.dll = 0 >[2012/08/30 15:28:15.290822, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cupsps6.dll >[2012/08/30 15:28:15.290947, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cupsps6.dll (numopen=1) NT_STATUS_OK >[2012/08/30 15:28:15.291068, 5] smbd/files.c:482(file_free) > freed files structure 17782 (1 used) >[2012/08/30 15:28:15.291208, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.291270, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=24074 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:15.292226, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.293950, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:28:15.294133, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:28:15.294945, 3] smbd/process.c:1662(process_smb) > Transaction 298 of length 45 (0 toread) >[2012/08/30 15:28:15.295075, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.295138, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=24138 > smt_wct=3 > smb_vwv[ 0]=17785 (0x4579) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:28:15.296239, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:15.296305, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:15.296568, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:28:15.296692, 3] smbd/reply.c:4848(reply_close) > close fd=43 fnum=17785 (numopen=1) >[2012/08/30 15:28:15.296813, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:28:15.296952, 10] smbd/oplock_linux.c:154(linux_release_kernel_oplock) > linux_release_kernel_oplock: file x64/3/cupsui6.dll, file_id = 801:23bac:0 gen_id = 1302153931 has kernel oplock state of 1. >[2012/08/30 15:28:15.297095, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 0108000000000000AC3B >[2012/08/30 15:28:15.297226, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d230 >[2012/08/30 15:28:15.297351, 10] locking/locking.c:663(parse_share_modes) > parse_share_modes: owrt: Wed Aug 15 16:54:38 2012 EDT, cwrt: Wed Dec 31 19:00:00 1969 EST, ntok: 0, num_share_modes: 1 >[2012/08/30 15:28:15.297544, 10] locking/locking.c:725(parse_share_modes) > parse_share_modes: share_mode_entry[0]: pid = 3054, share_access = 0x5, private_options = 0x0, access_mask = 0x20089, mid = 0x59ca, type= 0x3, gen_id = 1302153931, uid = 10000, flags = 0, file_id 801:23bac:0, name_hash = 0x3ff5f0d4 >[2012/08/30 15:28:15.297669, 10] locking/locking.c:1657(get_delete_on_close_token) > get_delete_on_close_token: name_hash = 0x3ff5f0d4 >[2012/08/30 15:28:15.297792, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 0108000000000000AC3B >[2012/08/30 15:28:15.297923, 10] locking/posix.c:516(get_windows_lock_ref_count) > get_windows_lock_count for file x64/3/cupsui6.dll = 0 >[2012/08/30 15:28:15.298042, 10] locking/posix.c:542(delete_windows_lock_ref_count) > delete_windows_lock_ref_count for file x64/3/cupsui6.dll >[2012/08/30 15:28:15.298206, 2] smbd/close.c:696(close_normal_file) > administrator closed file x64/3/cupsui6.dll (numopen=0) NT_STATUS_OK >[2012/08/30 15:28:15.298329, 5] smbd/files.c:482(file_free) > freed files structure 17785 (0 used) >[2012/08/30 15:28:15.298453, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:15.298517, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=24138 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:15.300227, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:27.258547, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 35 >[2012/08/30 15:28:27.258788, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x23 >[2012/08/30 15:28:27.259046, 3] smbd/process.c:1662(process_smb) > Transaction 299 of length 39 (0 toread) >[2012/08/30 15:28:27.259187, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:27.259260, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=24202 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:27.260345, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:27.260424, 3] smbd/process.c:1467(switch_message) > switch message SMBtdis (pid 3054) conn 0x7fd50c011730 >[2012/08/30 15:28:27.260563, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:27.260702, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:28:27.260840, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:28:27.261058, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:28:27.261213, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:27.261376, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:28:27.261513, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:28:27.261723, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:28:27.261865, 1] smbd/service.c:1378(close_cnum) > panama (192.168.30.50) closed connection to service print$ >[2012/08/30 15:28:27.262012, 3] smbd/connection.c:35(yield_connection) > Yielding connection to print$ >[2012/08/30 15:28:27.262201, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:28:27.262353, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00d150 >[2012/08/30 15:28:27.262500, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:28:27.262688, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to / >[2012/08/30 15:28:27.262829, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:27.262965, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:28:27.263101, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:28:27.263308, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:28:27.263463, 5] lib/messages.c:332(messaging_deregister) > Deregistering messaging pointer for type 784 - private_data=0x7fd50c02ea70 >[2012/08/30 15:28:27.263760, 5] lib/util.c:332(show_msg) >[2012/08/30 15:28:27.263833, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x71 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=2 > smb_pid=65279 > smb_uid=100 > smb_mid=24202 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:28:27.265362, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:28:50.997440, 10] lib/events.c:221(run_events_poll) > Running timed event "smbd_idle_event_handler" 0x7fd50c018940 >[2012/08/30 15:28:50.997684, 10] smbd/process.c:863(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(deadtime) (nil) called >[2012/08/30 15:28:50.997819, 2] smbd/process.c:2455(deadtime_fn) > Closing idle connection >[2012/08/30 15:28:50.998019, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/30 15:28:50.998155, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_SHUTDOWN (13) > dest: struct server_id > pid : 0x00000bee (3054) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > src: struct server_id > pid : 0x00000bee (3054) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > buf : DATA_BLOB length=0 >[2012/08/30 15:28:50.999697, 10] smbd/process.c:867(smbd_idle_event_handler) > smbd_idle_event_handler: idle_evt(deadtime) (nil) stopped >[2012/08/30 15:28:50.999823, 10] lib/messages_local.c:74(messaging_tdb_signal_handler) > messaging_tdb_signal_handler: sig[10] count[1] msgs[1] >[2012/08/30 15:28:50.999942, 10] lib/messages_local.c:466(message_dispatch) > message_dispatch: received_messages = 1 >[2012/08/30 15:28:51.000077, 10] lib/messages_local.c:215(messaging_tdb_fetch) > messaging_tdb_fetch: >[2012/08/30 15:28:51.000203, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > result: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_SHUTDOWN (13) > dest: struct server_id > pid : 0x00000bee (3054) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > src: struct server_id > pid : 0x00000bee (3054) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > buf : DATA_BLOB length=0 >[2012/08/30 15:28:51.001183, 3] smbd/server.c:179(msg_exit_server) > got a SHUTDOWN message >[2012/08/30 15:28:51.001301, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:28:51.001420, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:28:51.001539, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:28:51.001722, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:28:51.001846, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F333035342F3130 >[2012/08/30 15:28:51.001976, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c02c3f0 >[2012/08/30 15:28:51.002108, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F333035342F3130 >[2012/08/30 15:28:51.002574, 3] smbd/server_exit.c:181(exit_server_common) > Server exit (normal exit)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=7853">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 9106
:
7852
| 7853 |
7854