The Samba-Bugzilla – Attachment 7853 Details for Bug 9106: Windows 7 x64 - Adding printers via Share name
Log file of Windows x64 client while trying to download printer drivers
log.panama (text/plain), 3.94 MB, created by Sean Ryan on 2012-08-30 19:33:23 UTC
Description: Log file of Windows x64 client while trying to download printer drivers
Filename: log.panama
MIME Type: text/plain
Creator: Sean Ryan
Created: 2012-08-30 19:33:23 UTC
Size: 3.94 MB
>[2012/08/30 15:27:51.663228, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012 > >[2012/08/30 15:27:51.663529, 5] auth/auth_util.c:110(make_user_info_map) > Mapping user [ACR]\[administrator] from workstation [PANAMA] >[2012/08/30 15:27:51.663696, 5] auth/user_info.c:59(make_user_info) > attempting to make a user_info for administrator (administrator) >[2012/08/30 15:27:51.663820, 5] auth/user_info.c:70(make_user_info) > making strings for administrator's user_info struct >[2012/08/30 15:27:51.663940, 5] auth/user_info.c:87(make_user_info) > making blobs for administrator's user_info struct >[2012/08/30 15:27:51.664059, 10] auth/user_info.c:123(make_user_info) > made a user_info for administrator (administrator) >[2012/08/30 15:27:51.664178, 3] auth/auth.c:219(check_ntlm_password) > check_ntlm_password: Checking password for unmapped user [ACR]\[administrator]@[PANAMA] with the new password interface >[2012/08/30 15:27:51.664325, 3] auth/auth.c:222(check_ntlm_password) > check_ntlm_password: mapped user is: [ACR]\[administrator]@[PANAMA] >[2012/08/30 15:27:51.664610, 10] auth/auth.c:231(check_ntlm_password) > check_ntlm_password: auth_context challenge created by random >[2012/08/30 15:27:51.664728, 10] auth/auth.c:233(check_ntlm_password) > challenge is: >[2012/08/30 15:27:51.664845, 5] ../lib/util/util.c:415(dump_data) > [0000] E1 F9 1B D6 03 B5 83 8C ........ 
>[2012/08/30 15:27:51.664976, 10] auth/auth_builtin.c:44(check_guest_security) > Check auth for: [administrator] >[2012/08/30 15:27:51.665092, 10] auth/auth.c:259(check_ntlm_password) > check_ntlm_password: guest had nothing to say >[2012/08/30 15:27:51.665212, 10] auth/auth_sam.c:75(auth_samstrict_auth) > Check auth for: [administrator] >[2012/08/30 15:27:51.665328, 8] lib/util.c:1521(is_myname) > is_myname("ACR") returns 0 >[2012/08/30 15:27:51.665477, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.665644, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.665763, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.665880, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.665996, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.666609, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=administrator)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.666781, 5] lib/smbldap.c:1341(smbldap_close) > The connection to the LDAP server was closed >[2012/08/30 15:27:51.666902, 10] lib/smbldap.c:819(smb_ldap_setup_conn) > smb_ldap_setup_connection: ldap://192.168.30.15:389 >[2012/08/30 15:27:51.667399, 2] lib/smbldap.c:1018(smbldap_open_connection) > smbldap_open_connection: connection opened >[2012/08/30 15:27:51.667568, 10] lib/smbldap.c:1194(smbldap_connect_system) > ldap_connect_system: Binding to ldap server ldap://192.168.30.15:389 as "cn=djadmin,dc=acr,dc=lab" >[2012/08/30 15:27:51.671439, 3] lib/smbldap.c:1240(smbldap_connect_system) > ldap_connect_system: successful connection to the LDAP server > ldap_connect_system: LDAP server does support paged results >[2012/08/30 
15:27:51.671895, 4] lib/smbldap.c:1319(smbldap_open) > The LDAP server is successfully connected >[2012/08/30 15:27:51.674783, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap) > init_sam_from_ldap: Entry found for user: administrator >[2012/08/30 15:27:51.675074, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.675262, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.675380, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.675516, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string) > pdb_set_user_sid_from_string: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.675696, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.675839, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonTime does not exist >[2012/08/30 15:27:51.675966, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogoffTime does not exist >[2012/08/30 15:27:51.676086, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaKickoffTime does not exist >[2012/08/30 15:27:51.676207, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdCanChange does not exist >[2012/08/30 15:27:51.676332, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaPwdMustChange does not exist >[2012/08/30 15:27:51.676456, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.676580, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomeDrive does not exist >[2012/08/30 15:27:51.676860, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was 
NULL >[2012/08/30 15:27:51.677005, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaHomePath does not exist >[2012/08/30 15:27:51.677149, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.677272, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonScript does not exist >[2012/08/30 15:27:51.677393, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.677515, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaProfilePath does not exist >[2012/08/30 15:27:51.677632, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.677756, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaUserWorkstations does not exist >[2012/08/30 15:27:51.677879, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaMungedDial does not exist >[2012/08/30 15:27:51.678000, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLMPassword does not exist >[2012/08/30 15:27:51.678151, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.678292, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.678411, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.678529, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.678646, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.679272, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/password history and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) 
>[2012/08/30 15:27:51.680168, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2012/08/30 15:27:51.680288, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0] >[2012/08/30 15:27:51.681814, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2012/08/30 15:27:51.681981, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/password history and timeout = Thu Aug 30 15:28:51 2012 > (60 seconds ahead) >[2012/08/30 15:27:51.682286, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.682460, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordCount does not exist >[2012/08/30 15:27:51.682583, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaBadPasswordTime does not exist >[2012/08/30 15:27:51.682708, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute) > attribute sambaLogonHours does not exist >[2012/08/30 15:27:51.682922, 5] passdb/login_cache.c:47(login_cache_init) > Opening cache file at /var/cache/samba/login_cache.tdb >[2012/08/30 15:27:51.683163, 7] passdb/login_cache.c:91(login_cache_read) > Looking up login cache for user administrator >[2012/08/30 15:27:51.683288, 7] passdb/login_cache.c:102(login_cache_read) > No cache entry found >[2012/08/30 15:27:51.683406, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap) > No cache entry, bad count = 0, bad time = 0 >[2012/08/30 15:27:51.683604, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.683727, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.683845, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 
15:27:51.683980, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.684098, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.684299, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/maximum password age and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) >[2012/08/30 15:27:51.684497, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2012/08/30 15:27:51.684633, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0] >[2012/08/30 15:27:51.685880, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2012/08/30 15:27:51.686041, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Aug 30 15:28:51 2012 > (60 seconds ahead) >[2012/08/30 15:27:51.686266, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.686462, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.686619, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.690763, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! 
>[2012/08/30 15:27:51.691009, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.691132, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.691251, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.691371, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.691515, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.691763, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.691955, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.692075, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.692197, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.692356, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.692487, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.692606, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/08/30 15:27:51.692728, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.692847, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.692964, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2012/08/30 15:27:51.693100, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : 
sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.693219, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.693336, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.693453, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.693573, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.693765, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.693884, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.694040, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 >[2012/08/30 15:27:51.694253, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 >[2012/08/30 15:27:51.694383, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.694555, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check) > ntlm_password_check: Checking NTLMv2 password with domain [ACR] >[2012/08/30 15:27:51.694805, 4] auth/check_samsec.c:183(sam_account_ok) > sam_account_ok: Checking SMB password for user administrator >[2012/08/30 15:27:51.694947, 5] auth/check_samsec.c:165(logon_hours_ok) > logon_hours_ok: user administrator allowed to logon at this time (Thu Aug 30 19:27:51 2012 > ) >[2012/08/30 15:27:51.695121, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.695240, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.696479, 4] smbd/sec_ctx.c:314(set_sec_ctx) > 
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.696621, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.696740, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.697243, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.697961, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.698091, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.698213, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.698338, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.698457, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.698650, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.698799, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.698923, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! 
>[2012/08/30 15:27:51.699084, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.699227, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.699348, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.699468, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.699624, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.699833, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/minimum password age and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) >[2012/08/30 15:27:51.700030, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap) > ldapsam_get_account_policy_from_ldap >[2012/08/30 15:27:51.700150, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0] >[2012/08/30 15:27:51.701944, 10] passdb/account_pol.c:402(cache_account_policy_set) > cache_account_policy_set: updating account pol cache >[2012/08/30 15:27:51.703011, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = ACCT_POL/minimum password age and timeout = Thu Aug 30 15:28:51 2012 > (60 seconds ahead) >[2012/08/30 15:27:51.703220, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.703344, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.703462, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.703638, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.703759, 5] 
../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.703876, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.704067, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.704194, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.704311, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.704432, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.704602, 10] lib/system_smbd.c:175(sys_getgrouplist) > sys_getgrouplist: user [administrator] >[2012/08/30 15:27:51.719284, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 512 >[2012/08/30 15:27:51.719419, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.720406, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.720526, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.720662, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.720779, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.721026, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2] >[2012/08/30 15:27:51.722830, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 512 >[2012/08/30 15:27:51.723023, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 
>[2012/08/30 15:27:51.723144, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 512 -> sid S-1-5-21-3266308635-3715972288-3547500332-512 >[2012/08/30 15:27:51.723303, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 514 >[2012/08/30 15:27:51.723422, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.723579, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.723710, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.723827, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.723944, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.724131, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=514))], scope => [2] >[2012/08/30 15:27:51.725807, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 514 >[2012/08/30 15:27:51.725952, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.726086, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 514 -> sid S-1-5-21-3266308635-3715972288-3547500332-514 >[2012/08/30 15:27:51.726232, 5] passdb/lookup_sid.c:1384(gid_to_sid) > gid_to_sid: winbind failed to find a sid for gid 515 >[2012/08/30 15:27:51.726351, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.726489, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.726608, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.726727, 5] 
../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.726844, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.727049, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2] >[2012/08/30 15:27:51.728534, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap) > init_group_from_ldap: Entry found for group: 515 >[2012/08/30 15:27:51.728718, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.728867, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid) > LEGACY: gid 515 -> sid S-1-5-21-3266308635-3715972288-3547500332-515 >[2012/08/30 15:27:51.728998, 5] auth/server_info_sam.c:120(make_server_info_sam) > make_server_info_sam: made server info for user administrator -> administrator >[2012/08/30 15:27:51.729122, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.729246, 3] auth/auth.c:268(check_ntlm_password) > check_ntlm_password: sam authentication for user [administrator] succeeded >[2012/08/30 15:27:51.729369, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.729487, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.729616, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.729736, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.729836, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.730047, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.730185, 5] 
auth/auth.c:296(check_ntlm_password) > check_ntlm_password: PAM Account for user [administrator] succeeded >[2012/08/30 15:27:51.730302, 2] auth/auth.c:309(check_ntlm_password) > check_ntlm_password: authentication for user [administrator] -> [administrator] -> [administrator] succeeded >[2012/08/30 15:27:51.730475, 10] auth/token_util.c:223(create_local_nt_token_from_info3) > Create local NT token for administrator >[2012/08/30 15:27:51.730676, 10] passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2012/08/30 15:27:51.730796, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.730915, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.731100, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.731219, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.731335, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.731772, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2012/08/30 15:27:51.733429, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2012/08/30 15:27:51.733611, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.733738, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.733860, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.733979, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 
>[2012/08/30 15:27:51.734101, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.734220, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.734337, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.734741, 10] passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-544 >[2012/08/30 15:27:51.734870, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.735001, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.735124, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.735242, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.735358, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.735603, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2012/08/30 15:27:51.737586, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2012/08/30 15:27:51.737768, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.737892, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.738020, 5] passdb/pdb_util.c:128(create_builtin_administrators) > create_builtin_administrators: Failed to create Administrators >[2012/08/30 15:27:51.738168, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx 
= 0 >[2012/08/30 15:27:51.738336, 10] passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2012/08/30 15:27:51.738456, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.738575, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.738717, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.738842, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.738959, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.739175, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2012/08/30 15:27:51.741062, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) >[2012/08/30 15:27:51.741250, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.741375, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-545 >[2012/08/30 15:27:51.741498, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.741616, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.741749, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.741873, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.741990, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.742230, 10] 
passdb/lookup_sid.c:1628(sid_to_gid) > winbind failed to find a gid for sid S-1-5-32-545 >[2012/08/30 15:27:51.742353, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.742472, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.742590, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.742725, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.742842, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.743033, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2] >[2012/08/30 15:27:51.745680, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545)) >[2012/08/30 15:27:51.745856, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.745976, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-545 >[2012/08/30 15:27:51.746120, 5] passdb/pdb_util.c:99(create_builtin_users) > create_builtin_users: Failed to create Users >[2012/08/30 15:27:51.746242, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.746361, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.746478, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.746613, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.746730, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: 
(NULL) >[2012/08/30 15:27:51.746846, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.747138, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-1001)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-513)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-512)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-514)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-32-544)))], scope => [2] >[2012/08/30 15:27:51.748732, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.748999, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-21-3266308635-3715972288-3547500332-1001 > Privilege set: 0x10 >[2012/08/30 15:27:51.749191, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-513] >[2012/08/30 15:27:51.749316, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-512] >[2012/08/30 15:27:51.749445, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-514] >[2012/08/30 15:27:51.749570, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-515] >[2012/08/30 15:27:51.749695, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-1-0 > Privilege set: 0x0 >[2012/08/30 15:27:51.749880, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-2] >[2012/08/30 
15:27:51.750005, 4] lib/privileges.c:97(get_privileges) > get_privileges: No privileges assigned to SID [S-1-5-11] >[2012/08/30 15:27:51.750131, 5] lib/privileges.c:175(get_privileges_for_sids) > get_privileges_for_sids: sid = S-1-5-32-544 > Privilege set: 0x1ffffff0 >[2012/08/30 15:27:51.750413, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids) > wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE >[2012/08/30 15:27:51.750536, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.750655, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.750784, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.750908, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.751025, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.751204, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 1001. 
>[2012/08/30 15:27:51.751295, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.751413, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.751552, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.751678, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.751795, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.751976, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.752094, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.752211, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.752357, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.752487, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.752678, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.752799, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.752943, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.753061, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.753178, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.753295, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.753490, 4] 
smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.753618, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.753738, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.753860, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.753978, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.754118, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.754253, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/08/30 15:27:51.754372, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.754491, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.754610, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2012/08/30 15:27:51.754733, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.754851, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.754968, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.755085, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.755205, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.755393, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 
15:27:51.755567, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.755697, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 >[2012/08/30 15:27:51.755879, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 >[2012/08/30 15:27:51.756016, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.756144, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.756274, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.756394, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.756519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.756648, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) > LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 is a User, expected a group >[2012/08/30 15:27:51.756776, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.756896, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.757013, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.757138, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.757254, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.757448, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) > lookup_global_sam_rid: looking up RID 1001. 
>[2012/08/30 15:27:51.757575, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.757693, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.757814, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.757932, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.758050, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.758252, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.758375, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.758491, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.758609, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.758743, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.758937, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.759057, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.759177, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.759294, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.759428, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.759591, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.759782, 4] 
smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.759909, 10] passdb/pdb_get_set.c:575(pdb_set_username) > pdb_set_username: setting username administrator, was >[2012/08/30 15:27:51.760032, 10] passdb/pdb_get_set.c:598(pdb_set_domain) > pdb_set_domain: setting domain ACR, was >[2012/08/30 15:27:51.760151, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) > pdb_set_nt_username: setting nt username administrator, was >[2012/08/30 15:27:51.760425, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) > pdb_set_full_name: setting full name administrator, was >[2012/08/30 15:27:51.760546, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) > pdb_set_homedir: setting home dir , was >[2012/08/30 15:27:51.760686, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) > pdb_set_dir_drive: setting dir drive , was NULL >[2012/08/30 15:27:51.760805, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) > pdb_set_logon_script: setting logon script allusers.bat, was >[2012/08/30 15:27:51.760923, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) > pdb_set_profile_path: setting profile path , was >[2012/08/30 15:27:51.761041, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) > pdb_set_workstations: setting workstations , was >[2012/08/30 15:27:51.761179, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.761316, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 2 >[2012/08/30 15:27:51.761434, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 >[2012/08/30 15:27:51.761569, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.761695, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.761891, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 >[2012/08/30 
15:27:51.762031, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) > pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 >[2012/08/30 15:27:51.762153, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) > pdb_set_user_sid_from_rid: > setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 >[2012/08/30 15:27:51.762334, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) > pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 >[2012/08/30 15:27:51.762475, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.762613, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.762732, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.762854, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! >[2012/08/30 15:27:51.762976, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.763094, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) > LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 -> uid 10000 >[2012/08/30 15:27:51.763219, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.763356, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.763475, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.763649, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.763774, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.763968, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => 
[(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] >[2012/08/30 15:27:51.766003, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) >[2012/08/30 15:27:51.766187, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.766309, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-1-0 >[2012/08/30 15:27:51.766450, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-1-0 >[2012/08/30 15:27:51.766572, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.766692, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.766810, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.766948, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.767065, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.767256, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] >[2012/08/30 15:27:51.769416, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) >[2012/08/30 15:27:51.769593, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.769713, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-2 >[2012/08/30 15:27:51.769867, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-2 >[2012/08/30 15:27:51.769995, 4] smbd/sec_ctx.c:214(push_sec_ctx) > 
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.770112, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.770230, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.770365, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.770543, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.770735, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] >[2012/08/30 15:27:51.772466, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) >[2012/08/30 15:27:51.772635, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.772755, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-11 >[2012/08/30 15:27:51.772876, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-11 >[2012/08/30 15:27:51.773006, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.773130, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.773248, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.773365, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.773486, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.773676, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], 
filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] >[2012/08/30 15:27:51.775342, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) >[2012/08/30 15:27:51.775535, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.775688, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.775812, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) > LEGACY: mapping failed for sid S-1-5-32-544 >[2012/08/30 15:27:51.775934, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-1-0 to gid, ignoring it >[2012/08/30 15:27:51.776056, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-2 to gid, ignoring it >[2012/08/30 15:27:51.776174, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-11 to gid, ignoring it >[2012/08/30 15:27:51.776322, 10] auth/auth_util.c:505(create_local_token) > Could not convert SID S-1-5-32-544 to gid, ignoring it >[2012/08/30 15:27:51.776454, 10] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: 
SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:51.779018, 10] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:51.779537, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) > Got NT session key of length 16 >[2012/08/30 15:27:51.779697, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) > Got LM session key of length 8 >[2012/08/30 15:27:51.779817, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) > ntlmssp_server_auth: Using unmodified nt session key. 
>[2012/08/30 15:27:51.779941, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) > NTLMSSP Sign/Seal - Initialising with flags: >[2012/08/30 15:27:51.780058, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) > Got NTLMSSP neg_flags=0xe2088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP_NEGOTIATE_56 >[2012/08/30 15:27:51.780794, 10] smbd/password.c:293(register_existing_vuid) > register_existing_vuid: (10000,513) administrator administrator ACR guest=0 >[2012/08/30 15:27:51.780913, 3] smbd/password.c:298(register_existing_vuid) > register_existing_vuid: User name: administrator Real name: administrator >[2012/08/30 15:27:51.781035, 3] smbd/password.c:308(register_existing_vuid) > register_existing_vuid: UNIX uid 10000 is UNIX user administrator, and will be vuid 100 >[2012/08/30 15:27:51.781740, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key 49442F333035342F3130 >[2012/08/30 15:27:51.781988, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c008860 >[2012/08/30 15:27:51.782209, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key 49442F333035342F3130 >[2012/08/30 15:27:51.782372, 7] param/loadparm.c:9834(lp_servicenumber) > lp_servicenumber: couldn't find administrator >[2012/08/30 15:27:51.782581, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.782740, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.782864, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! 
>[2012/08/30 15:27:51.782983, 3] smbd/password.c:238(register_homes_share) > Adding homes service for user 'administrator' using home directory: '/home/administrator' >[2012/08/30 15:27:51.783343, 8] param/loadparm.c:6480(add_a_service) > add_a_service: Creating snum = 6 for administrator >[2012/08/30 15:27:51.783467, 10] param/loadparm.c:6527(hash_a_service) > hash_a_service: hashing index 6 for service name administrator >[2012/08/30 15:27:51.783700, 3] param/loadparm.c:6582(lp_add_home) > adding home's share [administrator] for user 'administrator' at '/home/%u' >[2012/08/30 15:27:51.783852, 6] param/loadparm.c:7490(lp_file_list_changed) > lp_file_list_changed() > file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012 > >[2012/08/30 15:27:51.784290, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.784353, 5] lib/util.c:342(show_msg) > size=94 > smb_com=0x73 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=65535 > smb_pid=65279 > smb_uid=100 > smb_mid=5184 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 9 (0x9) > smb_bcc=51 >[2012/08/30 15:27:51.785361, 10] ../lib/util/util.c:415(dump_data) > [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x > [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 > [0020] 00 2E 00 36 00 2E 00 37 00 00 00 41 00 43 00 52 ...6...7 ...A.C.R > [0030] 00 00 00 ... 
>[2012/08/30 15:27:51.787401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 78 >[2012/08/30 15:27:51.787803, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x4e >[2012/08/30 15:27:51.787923, 3] smbd/process.c:1662(process_smb) > Transaction 3 of length 82 (0 toread) >[2012/08/30 15:27:51.788040, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.788313, 5] lib/util.c:342(show_msg) > size=78 > smb_com=0x75 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=0 > smb_pid=65279 > smb_uid=100 > smb_mid=5248 > smt_wct=4 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]= 78 (0x4E) > smb_vwv[ 2]= 8 (0x8) > smb_vwv[ 3]= 1 (0x1) > smb_bcc=35 >[2012/08/30 15:27:51.789327, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 5C 00 4F 00 52 00 41 00 4E 00 47 00 45 .\.\.O.R .A.N.G.E > [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? > [0020] 3F 3F 00 ??. >[2012/08/30 15:27:51.789599, 3] smbd/process.c:1467(switch_message) > switch message SMBtconX (pid 3054) conn 0x0 >[2012/08/30 15:27:51.789719, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.789837, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.789978, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.790167, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:51.790342, 4] smbd/reply.c:794(reply_tcon_and_X) > Client requested device type [?????] 
for share [IPC$] >[2012/08/30 15:27:51.791125, 5] smbd/service.c:1354(make_connection) > making a connection to 'normal' service ipc$ >[2012/08/30 15:27:51.791319, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:51.791444, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:51.792428, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:51.792564, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.792707, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.792848, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.792969, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.793086, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.794009, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.794212, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.795567, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:51.795800, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.795921, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.796039, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.796161, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
>[2012/08/30 15:27:51.796360, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.796537, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.796914, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:51.798557, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:51.798985, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.799123, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:51.799241, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.799396, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:51.799565, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:51.799700, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! >[2012/08/30 15:27:51.799825, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user administrator >[2012/08/30 15:27:51.799984, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user administrator >[2012/08/30 15:27:51.800102, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is administrator >[2012/08/30 15:27:51.800225, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [administrator]! 
>[2012/08/30 15:27:51.800348, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/08/30 15:27:51.800469, 3] smbd/service.c:872(make_connection_snum) > Connect path is '/tmp' for service [IPC$] >[2012/08/30 15:27:51.800701, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/08/30 15:27:51.800893, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff >[2012/08/30 15:27:51.801064, 3] smbd/vfs.c:102(vfs_init_default) > Initialising default vfs hooks >[2012/08/30 15:27:51.801318, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ >[2012/08/30 15:27:51.801446, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend '/[Default VFS]/' >[2012/08/30 15:27:51.801589, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for posixacl >[2012/08/30 15:27:51.801709, 5] smbd/vfs.c:92(smb_register_vfs) > Successfully added vfs backend 'posixacl' >[2012/08/30 15:27:51.801827, 3] smbd/vfs.c:128(vfs_init_custom) > Initialising custom vfs hooks from [/[Default VFS]/] >[2012/08/30 15:27:51.801948, 10] smbd/vfs.c:53(vfs_find_backend_entry) > vfs_find_backend_entry called for /[Default VFS]/ > Successfully loaded vfs module [/[Default VFS]/] with the new modules system >[2012/08/30 15:27:51.802158, 5] smbd/connection.c:134(claim_connection) > claiming [IPC$] >[2012/08/30 15:27:51.802324, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) > Locking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:27:51.802482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) > Allocated locked data 0x0x7fd50c00dcd0 >[2012/08/30 15:27:51.802708, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) > Unlocking key EE0B0000FFFFFFFF00D9 >[2012/08/30 15:27:51.802979, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service 
IPC$, connectpath = /tmp >[2012/08/30 15:27:51.803106, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:51.803229, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:51.803346, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.803575, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.803724, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.803865, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.803982, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.804099, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.804302, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.805583, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:51.805741, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.805864, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.805984, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(0) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.806123, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.806243, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.806361, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 
0 and contains 0 supplementary groups >[2012/08/30 15:27:51.806557, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:51.808073, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:51.808234, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.808530, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:51.808784, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.808927, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:51.809065, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:51.809187, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! 
>[2012/08/30 15:27:51.809308, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share IPC$ is ok for unix user administrator >[2012/08/30 15:27:51.809460, 10] smbd/share_access.c:286(is_share_read_only_for_token) > is_share_read_only_for_user: share IPC$ is read-only for unix user administrator >[2012/08/30 15:27:51.809597, 10] ../libcli/security/access_check.c:58(se_map_generic) > se_map_generic(): mapped mask 0x10000000 to 0x001f01ff >[2012/08/30 15:27:51.809756, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.809881, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege 
> Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:51.812574, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:51.812996, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:51.813126, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.813246, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.813364, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.813549, 5] smbd/uid.c:400(change_to_root_user) > change_to_root_user: now uid=(0,0) gid=(0,0) >[2012/08/30 15:27:51.813676, 10] smbd/service.c:162(set_conn_connectpath) > set_conn_connectpath: service IPC$, connectpath = /tmp >[2012/08/30 15:27:51.813831, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) > vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp >[2012/08/30 15:27:51.814004, 3] smbd/service.c:1114(make_connection_snum) > panama (192.168.30.50) connect to service IPC$ initially as user administrator (uid=10000, gid=513) (pid 3054) >[2012/08/30 15:27:51.814135, 3] smbd/reply.c:871(reply_tcon_and_X) > tconX service=IPC$ >[2012/08/30 15:27:51.817377, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:51.817585, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:51.817705, 3] smbd/process.c:1662(process_smb) > 
Transaction 4 of length 106 (0 toread) >[2012/08/30 15:27:51.817823, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.817884, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5312 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:51.820572, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... 
>[2012/08/30 15:27:51.820901, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.821026, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.821146, 5] ../libcli/security/security_token.c:63(security_token_debug) > Security token SIDs (14): > SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 > SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 > SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 > SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 > SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 > SID[ 5]: S-1-1-0 > SID[ 6]: S-1-5-2 > SID[ 7]: S-1-5-11 > SID[ 8]: S-1-5-32-544 > SID[ 9]: S-1-22-1-10000 > SID[ 10]: S-1-22-2-513 > SID[ 11]: S-1-22-2-512 > SID[ 12]: S-1-22-2-514 > SID[ 13]: S-1-22-2-515 > Privileges (0x 1FFFFFF0): > Privilege[ 0]: SeMachineAccountPrivilege > Privilege[ 1]: SeTakeOwnershipPrivilege > Privilege[ 2]: SeBackupPrivilege > Privilege[ 3]: SeRestorePrivilege > Privilege[ 4]: SeRemoteShutdownPrivilege > Privilege[ 5]: SePrintOperatorPrivilege > Privilege[ 6]: SeAddUsersPrivilege > Privilege[ 7]: SeDiskOperatorPrivilege > Privilege[ 8]: SeSecurityPrivilege > Privilege[ 9]: SeSystemtimePrivilege > Privilege[ 10]: SeShutdownPrivilege > Privilege[ 11]: SeDebugPrivilege > Privilege[ 12]: SeSystemEnvironmentPrivilege > Privilege[ 13]: SeSystemProfilePrivilege > Privilege[ 14]: SeProfileSingleProcessPrivilege > Privilege[ 15]: SeIncreaseBasePriorityPrivilege > Privilege[ 16]: SeLoadDriverPrivilege > Privilege[ 17]: SeCreatePagefilePrivilege > Privilege[ 18]: SeIncreaseQuotaPrivilege > Privilege[ 19]: SeChangeNotifyPrivilege > Privilege[ 20]: SeUndockPrivilege > Privilege[ 21]: SeManageVolumePrivilege > Privilege[ 22]: SeImpersonatePrivilege > Privilege[ 23]: SeCreateGlobalPrivilege > Privilege[ 24]: SeEnableDelegationPrivilege > Rights (0x 0): >[2012/08/30 15:27:51.824355, 5] 
auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 10000 > Primary group is 513 and contains 4 supplementary groups > Group[ 0]: 513 > Group[ 1]: 512 > Group[ 2]: 514 > Group[ 3]: 515 >[2012/08/30 15:27:51.824811, 5] smbd/uid.c:317(change_to_user_internal) > Impersonated user: uid=(0,10000), gid=(0,513) >[2012/08/30 15:27:51.824960, 4] smbd/vfs.c:780(vfs_ChDir) > vfs_ChDir to /tmp >[2012/08/30 15:27:51.825193, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:51.825363, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:51.825513, 5] smbd/files.c:140(file_new) > allocated file structure 13657, fnum = 17753 (1 used) >[2012/08/30 15:27:51.825702, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:51.825956, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:51.826240, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \spoolss >[2012/08/30 15:27:51.826464, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss >[2012/08/30 15:27:51.826610, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:51.826741, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:51.828529, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:51.828860, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:51.829001, 3] smbd/process.c:1662(process_smb) > Transaction 5 of length 76 (0 toread) 
>[2012/08/30 15:27:51.829120, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.829182, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5376 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:51.830895, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 59 45 ED 03 ...YE.. >[2012/08/30 15:27:51.831038, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.831247, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.831468, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:51.831696, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:51.831819, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.831881, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5376 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:51.833525, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ 
> [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... >[2012/08/30 15:27:51.835388, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:51.835584, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:51.835733, 3] smbd/process.c:1662(process_smb) > Transaction 6 of length 228 (0 toread) >[2012/08/30 15:27:51.835852, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.835914, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=5440 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17753 (0x4559) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:51.837649, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . 
>[2012/08/30 15:27:51.839316, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.839453, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.839686, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 4559 name: spoolss len: 160 >[2012/08/30 15:27:51.839808, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:51.839928, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:51.840675, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:51.840856, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.841006, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.841129, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.841246, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:51.841389, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.841544, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.841662, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:51.841806, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! 
>[2012/08/30 15:27:51.842380, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.845946, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:51.846158, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.846301, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:51.846420, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:51.846546, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.846678, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.848774, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:51.848962, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:51.851580, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:51.851759, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:51.851881, 3] smbd/process.c:1662(process_smb) > Transaction 7 of length 63 (0 toread) >[2012/08/30 15:27:51.852009, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.852072, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > 
smb_pid=65279 > smb_uid=100 > smb_mid=5504 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17753 (0x4559) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:51.853578, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:51.853644, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.853783, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.853936, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.854060, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:51.854199, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:51.854335, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2012/08/30 15:27:51.854455, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:51.857785, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:51.857947, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:51.858083, 3] smbd/process.c:1662(process_smb) > Transaction 8 of length 296 (0 toread) >[2012/08/30 15:27:51.858207, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.858269, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5568 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17753 (0x4559) > smb_bcc=225 >[2012/08/30 15:27:51.860390, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ 
> [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:51.861682, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.861857, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.862040, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:51.862299, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.862418, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.862580, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.863446, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4559) >[2012/08/30 15:27:51.863631, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:51.863755, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:51.863875, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:51.863993, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:51.864113, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.864232, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.864349, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:51.864470, 10] 
rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:51.864590, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.864738, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:51.864870, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:51.864997, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.865122, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. 
> [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:51.867443, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:51.867624, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:51.867771, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:51.867905, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:51.868065, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:51.868316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:51.871428, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:51.871620, 4] 
rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.871903, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:51.872132, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:51.872379, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Wed Dec 31 19:00:00 1969 > (-1346354871 seconds in the past) >[2012/08/30 15:27:51.872616, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:51 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:51.872859, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:51.873003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.873198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:51.873428, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:51.873584, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:51.877534, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:51.877717, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:51.878243, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.878368, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.878493, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.878616, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.878739, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.878857, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.879070, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:51.880348, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:51.880537, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.880660, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:51.880801, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.880920, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
>[2012/08/30 15:27:51.881038, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:51.881158, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:51.881348, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:51.883872, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:51.884069, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:51.884196, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:51.884316, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:51.884465, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:51.884584, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:51.884705, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! 
>[2012/08/30 15:27:51.884870, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:51.885024, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:51.885234, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:51.885387, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:51.885507, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:51.885647, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:51.886113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:51.887050, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:51.887239, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:51.887428, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:51.887620, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:51.887749, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.887866, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:51.888172, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:51.888370, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:51.888547, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.888746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.889455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-3f50-b7beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:51.891313, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:51.891569, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:51.891699, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:51.891820, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:51.891940, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:51.892058, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.892338, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:51.892565, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:51.892737, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:51.892856, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:51.892976, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.893095, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.894129, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.894253, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.894420, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:51.894559, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:51.894681, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:51.894802, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.894919, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.895054, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.895171, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.895304, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:51.895436, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:51.895919, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:51.896066, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:51.896226, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:51.896352, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.896471, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:51.896668, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:51.896788, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:51.896929, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:51.897083, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:51.897203, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.897319, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:51.897459, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:51.897578, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:51.897699, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.897816, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.897950, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.898068, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.898204, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:51.898338, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:51.898460, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:51.898581, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.898699, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.898818, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:51.898946, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.899090, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:51.899254, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:51.899378, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:51.899540, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:51.899669, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:51.899787, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:51.899908, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:51.900032, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:51.900161, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:51.900360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.900934, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:51.901131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000013-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:51.901614, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.901813, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:51.902026, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:51.902148, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:51.902268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:51.902772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000012-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:51.903222, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.903422, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:51.903618, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:51.903741, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:51.903859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:51.904504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.904989, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:51.905114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:51.905270, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.905407, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2012/08/30 15:27:51.905555, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:51.907105, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:51.907226, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:51.907355, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:51.907482, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:51.908427, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.908489, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5568 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:51.910034, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... 
> [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 11 00 00 ........ ........ > [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:51.912698, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:51.913134, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:51.913275, 3] smbd/process.c:1662(process_smb) > Transaction 9 of length 106 (0 toread) >[2012/08/30 15:27:51.913401, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.913464, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5632 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:51.915684, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... 
>[2012/08/30 15:27:51.915896, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.916017, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.916140, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:51.916265, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. >[2012/08/30 15:27:51.916407, 5] smbd/files.c:140(file_new) > allocated file structure 13658, fnum = 17754 (2 used) >[2012/08/30 15:27:51.916532, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:51.916803, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:51.916949, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/08/30 15:27:51.917103, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:51.917225, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:51.918521, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:51.918692, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:51.918844, 3] smbd/process.c:1662(process_smb) > Transaction 10 of length 228 (0 toread) >[2012/08/30 15:27:51.918966, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.919028, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=5696 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > 
smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17754 (0x455A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:51.920826, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . 
>[2012/08/30 15:27:51.922070, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.922195, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.922329, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455a name: spoolss len: 160 >[2012/08/30 15:27:51.922449, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:51.922568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:51.922685, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:51.922805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.922947, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.923071, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.923188, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:51.923310, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.923427, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:51.923691, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:51.923816, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! 
>[2012/08/30 15:27:51.923978, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.928520, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:51.928650, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.928926, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:51.929061, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:51.929182, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:51.929313, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:51.931221, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:51.931360, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:51.932213, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:51.932361, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:51.932500, 3] smbd/process.c:1662(process_smb) > Transaction 11 of length 63 (0 toread) >[2012/08/30 15:27:51.932619, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.932681, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > 
smb_pid=65279 > smb_uid=100 > smb_mid=5760 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17754 (0x455A) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:51.935329, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:51.935413, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.935601, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.935726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.935865, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:51.935985, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:51.936112, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2012/08/30 15:27:51.936231, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:51.937054, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 276 >[2012/08/30 15:27:51.937198, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x114 >[2012/08/30 15:27:51.937335, 3] smbd/process.c:1662(process_smb) > Transaction 12 of length 280 (0 toread) >[2012/08/30 15:27:51.937452, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.937549, 5] lib/util.c:342(show_msg) > size=276 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5824 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 192 (0xC0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 192 (0xC0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17754 (0x455A) > smb_bcc=209 >[2012/08/30 15:27:51.939290, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........ > [0020] 00 A8 00 00 00 00 00 45 00 00 00 02 00 09 00 00 .......E ........ > [0030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 00 00 00 00 00 00 00 .a.n.g.e ........ > [0050] 00 00 00 00 00 00 00 00 00 02 00 02 00 01 00 00 ........ ........ > [0060] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0070] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0080] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ > [0090] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... 
> [00A0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00B0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00C0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00D0] 00 . >[2012/08/30 15:27:51.940365, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.940516, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.940818, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=192 params=0 setup=2 >[2012/08/30 15:27:51.940939, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.941110, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.941228, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.941348, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455a) >[2012/08/30 15:27:51.941467, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 >[2012/08/30 15:27:51.941585, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 192 >[2012/08/30 15:27:51.941703, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:51.943273, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:51.943400, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.943562, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.943704, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 176 >[2012/08/30 15:27:51.943828, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 
16, pdu_needed_len = 0, incoming data = 176 >[2012/08/30 15:27:51.943948, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.944066, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 176 >[2012/08/30 15:27:51.944196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 >[2012/08/30 15:27:51.944320, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.944445, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00c0 (192) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000a8 (168) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=168 > [0000] 00 00 02 00 09 00 00 00 00 00 00 00 09 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 02 00 02 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0040] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0050] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0060] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. > [0070] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0080] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [0090] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. 
> [00A0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:51.946781, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:51.946908, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:51.947030, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:51.947173, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:51.947295, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:51.947422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00020002 (131074) > 0: SERVER_ACCESS_ADMINISTER > 1: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange >[2012/08/30 15:27:51.949314, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange] >[2012/08/30 15:27:51.949442, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:51.949680, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange > Printer is a print server >[2012/08/30 15:27:51.949856, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange (len=8) >[2012/08/30 15:27:51.949979, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 2 printer handles active >[2012/08/30 15:27:51.950139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.950337, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) > Setting print server access = SERVER_ACCESS_ENUMERATE >[2012/08/30 15:27:51.950455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-3f50-b7beee0b0000 > result : WERR_OK >[2012/08/30 15:27:51.950972, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:51.951114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 176 >[2012/08/30 15:27:51.951247, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.951365, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2012/08/30 15:27:51.951493, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:51.953569, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:51.953700, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:51.953820, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:51.953939, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.954004, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5824 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:51.955346, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 14 00 00 ........ ........ > [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . 
>[2012/08/30 15:27:51.956414, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 164 >[2012/08/30 15:27:51.956560, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xa4 >[2012/08/30 15:27:51.956702, 3] smbd/process.c:1662(process_smb) > Transaction 13 of length 168 (0 toread) >[2012/08/30 15:27:51.956820, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.956885, 5] lib/util.c:342(show_msg) > size=164 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5888 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 80 (0x50) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 80 (0x50) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17754 (0x455A) > smb_bcc=97 >[2012/08/30 15:27:51.958728, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 03 00 00 ........ .P...... > [0020] 00 38 00 00 00 00 00 1A 00 00 00 00 00 14 00 00 .8...... ........ > [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 0A 00 00 .....?P. ........ > [0040] 00 00 00 00 00 0A 00 00 00 4F 00 53 00 56 00 65 ........ .O.S.V.e > [0050] 00 72 00 73 00 69 00 6F 00 6E 00 00 00 1C 01 00 .r.s.i.o .n...... > [0060] 00 . 
>[2012/08/30 15:27:51.959296, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.959435, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.959629, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=80 params=0 setup=2 >[2012/08/30 15:27:51.959752, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.959871, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.959988, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.960106, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455a) >[2012/08/30 15:27:51.960224, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 >[2012/08/30 15:27:51.960357, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 80 >[2012/08/30 15:27:51.960496, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 80 >[2012/08/30 15:27:51.960635, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 80 >[2012/08/30 15:27:51.960755, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.960876, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.961102, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2012/08/30 15:27:51.961221, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 64 >[2012/08/30 15:27:51.961358, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.961475, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 64 >[2012/08/30 15:27:51.961597, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 64, incoming data = 64 >[2012/08/30 15:27:51.961717, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.961845, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0050 (80) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000038 (56) > context_id : 0x0000 (0) > opnum : 0x001a (26) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=56 > [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ > [0020] 4F 00 53 00 56 00 65 00 72 00 73 00 69 00 6F 00 O.S.V.e. r.s.i.o. > [0030] 6E 00 00 00 1C 01 00 00 n....... >[2012/08/30 15:27:51.963566, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:51.963765, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:51.963887, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:51.964011, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA >[2012/08/30 15:27:51.964141, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[26].fn == 0x7fd50aed07e0 >[2012/08/30 15:27:51.964502, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterData: struct spoolss_GetPrinterData > in: struct spoolss_GetPrinterData > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-3f50-b7beee0b0000 > value_name : 'OSVersion' > offered : 0x0000011c (284) >[2012/08/30 15:27:51.965139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:51.965361, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx >[2012/08/30 15:27:51.965507, 10] rpc_server/spoolss/srv_spoolss_nt.c:9194(_spoolss_GetPrinterDataEx) > _spoolss_GetPrinterDataEx: key => [PrinterDriverData], value => [OSVersion] >[2012/08/30 15:27:51.965626, 8] rpc_server/spoolss/srv_spoolss_nt.c:2305(getprinterdata_printer_server) > getprinterdata_printer_server:OSVersion >[2012/08/30 15:27:51.965836, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinterData: struct spoolss_GetPrinterData > out: struct spoolss_GetPrinterData > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(284)
> needed : * > needed : 0x00000114 (276) > result : WERR_OK >[2012/08/30 15:27:51.985136, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:51.985270, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 64 >[2012/08/30 15:27:51.985404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:51.985525, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 300.
>[2012/08/30 15:27:51.985650, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0144 (324) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000012c (300) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=300 > [0000] 03 00 00 00 1C 01 00 00 14 01 00 00 05 00 00 00 ........ ........ > [0010] 00 00 00 00 93 08 00 00 02 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
> [0120] 00 00 00 00 14 01 00 00 00 00 00 00 ........ .... >[2012/08/30 15:27:51.988364, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 2077 >[2012/08/30 15:27:51.988668, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 324 bytes. There is no more data outstanding >[2012/08/30 15:27:51.988788, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..324] (align 0) >[2012/08/30 15:27:51.988908, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.988994, 5] lib/util.c:342(show_msg) > size=380 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5888 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 324 (0x144) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 324 (0x144) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=325 >[2012/08/30 15:27:51.990373, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 44 01 00 00 03 00 00 ........ .D...... > [0010] 00 2C 01 00 00 00 00 00 00 03 00 00 00 1C 01 00 .,...... ........ > [0020] 00 14 01 00 00 05 00 00 00 00 00 00 00 93 08 00 ........ ........ > [0030] 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 
> [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 14 01 00 ........ ........ > [0140] 00 00 00 00 00 ..... >[2012/08/30 15:27:51.992594, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:51.992739, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:51.992861, 3] smbd/process.c:1662(process_smb) > Transaction 14 of length 132 (0 toread) >[2012/08/30 15:27:51.992979, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:51.993045, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5952 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17754 (0x455A) > smb_bcc=61 >[2012/08/30 15:27:51.995912, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 14 00 00 ........ ........ > [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... 
>[2012/08/30 15:27:51.996255, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:51.996394, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:51.996530, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:51.996651, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:51.996788, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:51.996907, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:51.997025, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455a) >[2012/08/30 15:27:51.997144, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 >[2012/08/30 15:27:51.997265, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:51.997385, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:51.997502, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:51.997631, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:51.997757, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:51.997874, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:51.997991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:51.998109, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:51.998245, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:51.998368, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:51.998486, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:51.998608, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.000161, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.000296, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:52.000576, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.000697, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:52.000821, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:52.000966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000014-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:52.001453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.001649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.001860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.002054, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.002173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.002661, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.002783, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:52.002911, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.003030, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.003154, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.004601, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.004730, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. 
There is no more data outstanding >[2012/08/30 15:27:52.004881, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.005000, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.005061, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=5952 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.006411, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . 
>[2012/08/30 15:27:52.007396, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:52.007555, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:52.007687, 3] smbd/process.c:1662(process_smb) > Transaction 15 of length 45 (0 toread) >[2012/08/30 15:27:52.007804, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.007866, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6016 > smt_wct=3 > smb_vwv[ 0]=17754 (0x455A) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:52.008835, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.008899, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.009018, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.009155, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17754 (numopen=2) >[2012/08/30 15:27:52.009324, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:52.009649, 5] smbd/files.c:482(file_free) > freed files structure 17754 (1 used) >[2012/08/30 15:27:52.009793, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.009855, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6016 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:52.010657, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.011282, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:52.011418, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:52.011555, 3] smbd/process.c:1662(process_smb) > Transaction 16 of length 132 (0 toread) >[2012/08/30 
15:27:52.011685, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.011747, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6080 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17753 (0x4559) > smb_bcc=61 >[2012/08/30 15:27:52.013784, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 11 00 00 ........ ........ > [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... 
>[2012/08/30 15:27:52.014175, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.014295, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.014420, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:52.014558, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.014676, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.014794, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.014912, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 4559) >[2012/08/30 15:27:52.015048, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.015166, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:52.015285, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:52.015402, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:52.015590, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.015708, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.015825, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.015942, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:52.016078, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.016195, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.016350, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:52.016473, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.016596, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.018099, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.018216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:52.018351, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.018488, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:52.018608, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:52.018727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000011-0000-0000-3f50-b7beee0b0000 >[2012/08/30 15:27:52.019155, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.019350, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.019608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.019819, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.019953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.020471, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.020598, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:52.020726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.020856, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.020986, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.022370, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.022511, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. 
There is no more data outstanding >[2012/08/30 15:27:52.022630, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.022749, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.022812, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6080 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.024351, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . 
>[2012/08/30 15:27:52.025343, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:52.025481, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:52.025600, 3] smbd/process.c:1662(process_smb) > Transaction 17 of length 45 (0 toread) >[2012/08/30 15:27:52.025718, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.025780, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6144 > smt_wct=3 > smb_vwv[ 0]=17753 (0x4559) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:52.026742, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.026806, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.026928, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.027047, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17753 (numopen=1) >[2012/08/30 15:27:52.027166, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:52.027300, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \spoolss >[2012/08/30 15:27:52.027443, 5] smbd/files.c:482(file_free) > freed files structure 17753 (0 used) >[2012/08/30 15:27:52.027615, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.027678, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6144 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:52.028841, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.030334, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:52.030490, 6] smbd/process.c:1660(process_smb) > got 
message type 0x0 of len 0x66 >[2012/08/30 15:27:52.030610, 3] smbd/process.c:1662(process_smb) > Transaction 18 of length 106 (0 toread) >[2012/08/30 15:27:52.030728, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.030802, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6208 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:52.033005, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:52.033202, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.033445, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.033612, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:52.033739, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. 
>[2012/08/30 15:27:52.033861, 5] smbd/files.c:140(file_new) > allocated file structure 13659, fnum = 17755 (1 used) >[2012/08/30 15:27:52.033984, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:52.034107, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:52.034248, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \spoolss >[2012/08/30 15:27:52.034367, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss >[2012/08/30 15:27:52.034493, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:52.034616, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:52.035366, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 72 >[2012/08/30 15:27:52.035554, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x48 >[2012/08/30 15:27:52.035701, 3] smbd/process.c:1662(process_smb) > Transaction 19 of length 76 (0 toread) >[2012/08/30 15:27:52.035819, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.035880, 5] lib/util.c:342(show_msg) > size=72 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6272 > smt_wct=15 > smb_vwv[ 0]= 4 (0x4) > smb_vwv[ 1]= 0 (0x0) > smb_vwv[ 2]= 2 (0x2) > smb_vwv[ 3]= 24 (0x18) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 4 (0x4) > smb_vwv[10]= 68 (0x44) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 1 (0x1) > smb_vwv[14]= 7 (0x7) > smb_bcc=7 >[2012/08/30 15:27:52.037804, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 5B 45 ED 03 ...[E.. 
>[2012/08/30 15:27:52.037935, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.038055, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.038197, 9] smbd/trans2.c:935(send_trans2_replies) > t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 >[2012/08/30 15:27:52.038317, 9] smbd/trans2.c:937(send_trans2_replies) > t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 >[2012/08/30 15:27:52.038436, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.038507, 5] lib/util.c:342(show_msg) > size=84 > smb_com=0x32 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6272 > smt_wct=10 > smb_vwv[ 0]= 2 (0x2) > smb_vwv[ 1]= 24 (0x18) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 2 (0x2) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 24 (0x18) > smb_vwv[ 7]= 60 (0x3C) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=29 >[2012/08/30 15:27:52.040716, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
>[2012/08/30 15:27:52.041664, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:52.041801, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:52.041941, 3] smbd/process.c:1662(process_smb) > Transaction 20 of length 228 (0 toread) >[2012/08/30 15:27:52.042059, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.042121, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6336 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17755 (0x455B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:52.044326, 10] ../lib/util/util.c:415(dump_data) > [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ > [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ > [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. > [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ > [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 > [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... > [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... > [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. > [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. > [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ > [00A0] 00 . 
>[2012/08/30 15:27:52.045180, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.045302, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.045422, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455b name: spoolss len: 160 >[2012/08/30 15:27:52.045542, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:52.045662, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:52.045783, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:52.045902, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.046021, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.046138, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.046258, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:52.046376, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.046505, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.046621, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 >[2012/08/30 15:27:52.046757, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! 
>[2012/08/30 15:27:52.046882, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.050193, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:52.050317, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) > api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.050436, 5] 
rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:52.050553, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:52.050673, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.050809, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.052751, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:52.052880, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:52.053656, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:52.053812, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:52.053931, 3] smbd/process.c:1662(process_smb) > Transaction 21 of length 63 (0 toread) >[2012/08/30 15:27:52.054048, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.054110, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > 
smb_pid=65279 > smb_uid=100 > smb_mid=6400 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17755 (0x455B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:52.055725, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.055800, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.055926, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.056048, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.056185, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:52.056305, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.056430, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2012/08/30 15:27:52.056574, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:52.057122, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:52.057254, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:52.057373, 3] smbd/process.c:1662(process_smb) > Transaction 22 of length 296 (0 toread) >[2012/08/30 15:27:52.057499, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.057564, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6464 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=225 >[2012/08/30 15:27:52.059289, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ > [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ > [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r > [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ > [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ > [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ > [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... > [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ > [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ 
> [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... > [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C > [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i > [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. > [00E0] 00 . >[2012/08/30 15:27:52.060395, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.060666, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.060791, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:52.060934, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.061052, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.061188, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.061306, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.061425, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.061544, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:52.061681, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:52.061798, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:52.061916, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.062035, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.062169, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.062286, 10] 
rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:52.062405, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.062522, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.062642, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:52.062768, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.062890, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. 
> [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:52.065183, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.065301, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.065422, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.065545, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:52.065665, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:52.065787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:52.067612, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:52.067736, 4] 
rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.067949, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:52.068122, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:52.068320, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:52.068598, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:52.068752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.068964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.069158, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.069282, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:52.072869, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:52.073040, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:52.073160, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.073297, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.073420, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.073538, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.073658, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.073778, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.073979, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:52.075196, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:52.075379, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.075567, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.075703, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.075821, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
>[2012/08/30 15:27:52.075954, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.076073, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.076266, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:52.077978, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:52.078139, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.078265, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:52.078383, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.078510, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:52.078650, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:52.078770, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! 
>[2012/08/30 15:27:52.078891, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:52.079012, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:52.079150, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.079274, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.079392, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.079574, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.079715, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.080503, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.080649, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.080770, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.080887, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.081024, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.081144, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.081303, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.081436, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.081570, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.081781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.082289, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.083926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.084144, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.084265, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.084387, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.084684, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.084811, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.084929, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.085113, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.085247, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.085367, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.085487, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.085621, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.085739, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.085856, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.085991, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.086142, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.086273, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.086395, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.086514, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.086638, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.086756, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.086897, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.087032, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.087175, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.087297, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.087416, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.087570, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.087702, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.087856, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.087981, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.088103, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.088221, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.088342, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.088464, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.088651, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.088772, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.088893, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089015, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089134, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.089251, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089388, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.089526, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.089645, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.089765, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.089892, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.090014, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.090130, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.090268, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.090404, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.090528, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.090647, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.090767, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.090886, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.091046, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.091165, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.091287, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.091561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.092075, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:52.092205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000017-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.092657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.092890, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.093089, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.093207, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.093325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.094903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000016-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.095336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.095710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.095918, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.096036, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.096153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.096783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.097259, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.097386, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:52.097515, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.097634, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2012/08/30 15:27:52.097759, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.099160, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:52.099281, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.099411, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:52.099557, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.099686, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.099748, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6464 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.101157, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... 
> [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 15 00 00 ........ ........ > [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:52.103317, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 140 >[2012/08/30 15:27:52.103578, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8c >[2012/08/30 15:27:52.103711, 3] smbd/process.c:1662(process_smb) > Transaction 23 of length 144 (0 toread) >[2012/08/30 15:27:52.103830, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.103891, 5] lib/util.c:342(show_msg) > size=140 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6528 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 56 (0x38) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=73 >[2012/08/30 15:27:52.105613, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... > [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 15 00 00 . ...... ........ > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 00 00 00 00 00 00 ........ . 
>[2012/08/30 15:27:52.106019, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.106149, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.106280, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=56 params=0 setup=2 >[2012/08/30 15:27:52.106400, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.106516, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.106636, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.106756, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.106876, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.106995, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 56 >[2012/08/30 15:27:52.107114, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2012/08/30 15:27:52.107249, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 >[2012/08/30 15:27:52.107367, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.107485, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.107615, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.107732, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 >[2012/08/30 15:27:52.107850, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.107967, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.108101, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 >[2012/08/30 15:27:52.108366, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.108489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0038 (56) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000020 (32) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=32 > [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.110088, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.110216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:52.110335, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.110456, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.110576, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.110757, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : NULL > offered : 0x00000000 (0) >[2012/08/30 15:27:52.111542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.111774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.111968, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.112112, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.112247, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.112405, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.112531, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.112709, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.113490, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.113633, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.113756, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.113873, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.113992, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.114127, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.114273, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.114842, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX 
desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.114969, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.115187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.115753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.117425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.117639, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.117760, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.117883, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.118004, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.118123, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.118239, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.118386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.118523, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.118641, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.118761, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.118877, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.118998, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.119114, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.119247, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.119378, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.119562, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.119692, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.119808, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.119929, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.120045, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.120325, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.120458, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.120595, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.120716, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.120833, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.120951, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.121086, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.121228, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.121356, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.121494, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.121614, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.121734, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.121855, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.122014, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.122134, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.122255, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122372, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122507, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.122624, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122759, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.122893, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.123015, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.123135, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123253, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123371, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.123489, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123768, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.123924, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.124046, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.124198, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.124319, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.124488, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.124613, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.124731, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.124851, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.125057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.125621, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.126357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.126579, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.126722, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.126867, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.126989, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.127109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.127229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.127479, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > 
regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.127743, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.127888, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.128022, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.128143, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.128265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.128384, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.128504, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.128624, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.128761, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.128881, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.129003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.129134, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.129259, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.129383, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.129532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.131228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.132801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.133001, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.133160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.135563, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.136914, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.137111, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.137233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.138766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.140095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.140290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.140410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.141822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.143114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.143312, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.143456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.147102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.148486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.148743, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.148908, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.151063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.152397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.152597, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.152730, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.154861, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.156812, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.157016, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.157139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.158519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.159910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.160109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.160234, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.177586, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.178905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.179109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.179238, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.181637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.183001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.183205, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.183334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.186011, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.187311, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.187561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.187696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.189063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.190361, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.190566, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.190689, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.193528, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.195455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.195781, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.195989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.198135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.199452, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.199708, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.199834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.201038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.202375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.202574, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.202698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.203944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.205396, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.205623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.205747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.206949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.208253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.208485, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.208610, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.209950, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.211397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.211619, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.211744, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.213312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.216732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.216942, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.217088, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.217212, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.217366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.218059, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.218812, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.218932, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.219052, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.219185, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.219303, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.219418, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.219556, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.219699, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.219822, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.220017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.221178, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.227264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.227471, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.227613, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.227857, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.227983, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.228104, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.228222, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.228373, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.228679, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.228801, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.228925, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229064, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229183, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.229300, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229436, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.229571, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.229694, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.230746, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.230872, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.230994, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.231112, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.231260, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.231440, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.231622, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.231747, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.231865, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.232005, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.232123, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.232274, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.232395, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.232517, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.232676, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.232799, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.232916, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.233057, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.233177, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.233298, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233416, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233552, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.233669, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233807, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.233943, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.234062, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.234183, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234304, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234422, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.234539, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234677, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.234842, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.234973, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.235108, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.235227, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.235345, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.235556, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.235685, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.235824, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.236136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.236737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.237992, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.238194, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.238315, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.238434, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.238555, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.238699, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.238823, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.238947, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.239078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.239198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.239319, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.239438, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.239625, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.239746, 10] 
registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.239865, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.239984, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.240105, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.240224, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.240344, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.240645, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.240765, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.240885, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.241004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.241124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.241802, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 
0000001b-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.243064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.243271, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.243392, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.243560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.259952, 1] 
../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001b-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.260388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.260611, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.260805, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.260936, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.261055, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.265435, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001a-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.265858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.266055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.266250, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.266370, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.266490, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.267003, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000019-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.267425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.267625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.267822, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.267947, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.268067, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.268614, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000018-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.269085, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.269283, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.269478, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.269597, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.269760, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.270365, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.270523, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.270642, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.270760, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.270913, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.271174, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.271447, 4] printing/printing.c:1316(print_cache_expired) > print_cache_expired: cache expired for queue HP_4515 (last_qscan_time = 1346354404, time now = 1346354872, qcachetime = 30) >[2012/08/30 15:27:52.271712, 10] printing/printing.c:1844(print_queue_update) > print_queue_update: Sending message -> printer = HP_4515, type = 8, lpq command = [HP_4515] lprm command = [] >[2012/08/30 15:27:52.271956, 10] lib/messages_local.c:255(messaging_tdb_store) > messaging_tdb_store: >[2012/08/30 15:27:52.272084, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > array: struct messaging_array > num_messages : 0x00000001 (1) > messages: ARRAY(1) > messages: struct messaging_rec > msg_version : 0x00000002 (2) > msg_type : MSG_PRINTER_UPDATE 
(517) > dest: struct server_id > pid : 0x00000ba3 (2979) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > src: struct server_id > pid : 0x00000bee (3054) > vnn : 0xffffffff (4294967295) > unique_id : 0xbe39e3eedeacd900 (13707237555956406528) > buf : DATA_BLOB length=21 > [0000] 48 50 5F 34 35 31 35 00 08 00 00 00 48 50 5F 34 HP_4515. ....HP_4 > [0010] 35 31 35 00 00 515.. >[2012/08/30 15:27:52.278031, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : NULL > needed : * > needed : 0x00000308 (776) > result : WERR_INSUFFICIENT_BUFFER >[2012/08/30 15:27:52.278535, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.278672, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 40 >[2012/08/30 15:27:52.278833, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.278957, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. >[2012/08/30 15:27:52.279081, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=12 > [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... 
>[2012/08/30 15:27:52.280446, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:52.280580, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.280714, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 36 bytes. There is no more data outstanding >[2012/08/30 15:27:52.280837, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/08/30 15:27:52.280957, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.281019, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6528 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/08/30 15:27:52.282396, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... > [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ > [0020] 00 7A 00 00 00 .z... 
>[2012/08/30 15:27:52.302997, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 1392 >[2012/08/30 15:27:52.303202, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x570 >[2012/08/30 15:27:52.303322, 3] smbd/process.c:1662(process_smb) > Transaction 24 of length 1396 (0 toread) >[2012/08/30 15:27:52.303455, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.303560, 5] lib/util.c:342(show_msg) > size=1392 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6592 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1308 (0x51C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1308 (0x51C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=1325 >[2012/08/30 15:27:52.305303, 10] ../lib/util/util.c:415(dump_data) 
>[2012/08/30 15:27:52.307626, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.307752, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.307880, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=1308 params=0 setup=2 >[2012/08/30 15:27:52.308002, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.308138, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.308256, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.308373, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.308516, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 >[2012/08/30 15:27:52.308636, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 1308 >[2012/08/30 15:27:52.308755, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1308 >[2012/08/30 15:27:52.309044, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 >[2012/08/30 15:27:52.309171, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.309290, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.309417, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.309584, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 >[2012/08/30 15:27:52.309741, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.309929, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.310055, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 >[2012/08/30 15:27:52.310193, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.310320, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x051c (1308) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000504 (1284) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1284 >[2012/08/30 15:27:52.319201, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.319350, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:52.319472, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.319617, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.319754, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.319876, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=1248 > offered : 0x000004e0 (1248) >[2012/08/30 15:27:52.328678, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.328906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.329101, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.329275, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.329402, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.329646, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.329802, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.329944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.330757, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.330881, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.331001, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.331122, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.331241, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.331358, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.331510, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.331656, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX 
desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.331778, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.331994, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.332538, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.334114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.334336, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.334457, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.334578, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.334695, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.334814, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.334933, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.335079, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.335212, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.335330, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.335452, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.335618, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.335736, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.335863, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.336148, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.336280, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.336397, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.336519, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.336635, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.336753, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.336868, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.337003, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.337134, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.337252, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.337364, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.337565, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.337682, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.337797, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.337965, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.338085, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.338205, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.338322, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.338443, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.338559, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.338694, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.338812, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.338936, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.339053, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.339170, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.339286, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.339423, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.340776, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.340913, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.341060, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341177, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341296, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.341413, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.341741, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.341865, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.342005, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.342125, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.342244, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.342390, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.342534, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.342654, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.342862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.343363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.344158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.344359, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.344615, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.344760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.344883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.345002, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.345121, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.345240, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > 
regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.345361, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.345480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.345599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.345719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.345855, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.345974, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.346093, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.346212, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.346335, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.346454, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.346581, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.346701, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.346824, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.346948, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.347088, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.348783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.350570, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.350818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.350982, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.352382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.353776, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.353974, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.354114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.355705, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.357063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.357258, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.357382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.358772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.360090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.360450, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.360583, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.363974, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.365353, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.365613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.365737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.367822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.369158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.369387, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.369518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.371927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.373502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.373709, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.373837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.375162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.376517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.376714, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.376837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) 
> [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > 
[183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.394201, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.395629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.396017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.396145, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.398261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.400387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.400615, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.400746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.402051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.403312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.403553, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.403683, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.405052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.406351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.406544, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.406667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.409606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.410913, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.411216, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.411348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.413458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.414748, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.414958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.415080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.416360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.417650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.417848, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.417970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.419173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.420669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.420873, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.420995, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.422186, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.423476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.423683, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.423805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.425132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.426435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.426629, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.426750, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.428114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.429546, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.429760, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.429879, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.429999, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.430117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.430819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.431672, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.431792, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.431913, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.432029, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.432298, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.432413, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.432555, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.432687, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.432826, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.433020, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.433517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.435049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.435262, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.435380, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.435559, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.435697, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.435814, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.435930, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.436084, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.436252, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.436370, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.436508, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.436628, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.436746, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.436862, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.436996, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.437145, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.437263, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.437383, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.437502, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.437620, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.437800, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.437962, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.438094, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.438214, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.438334, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.438454, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.438572, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.438688, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.438830, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.438967, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.439088, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.439205, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.439324, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.439444, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.439632, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.439752, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.439876, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.439994, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.440139, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.440255, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.440395, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.440531, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.440650, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.440771, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.440891, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.441010, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.441126, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.441265, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.441410, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.441531, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.441650, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.441771, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.441889, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.442007, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.442125, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.442246, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.442441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.442933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.444327, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.444555, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.444674, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.444809, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.444929, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.445067, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.445189, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.445329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.445458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.445579, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.445719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.445842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.445964, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.446085, 10] 
registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.446209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.446330, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.446452, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.446573, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.446697, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.446817, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.446939, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.447060, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.447184, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.447309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.448056, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 
0000001f-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.449579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.449790, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.449911, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.450052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.466917, 1] 
../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001f-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.467347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.467581, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.467809, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.467932, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.468053, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.468721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001e-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.469169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.469364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.469575, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.469699, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.469937, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.470521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001d-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.470999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.471201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.471395, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.471635, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.471756, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.472251, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000001c-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.472710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.472942, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.473137, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.473256, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.473377, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.473921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\orange' > printername : * > printername : '\\orange\HP_4515' > sharename : * > sharename : 'HP_4515' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : 'HP_4515' > comment : * > comment : 'cups printer' > location : * > location : '' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\orange\HP_4515' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : 
DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 
0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace 
> type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: 
PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000308 (776) > result : WERR_OK >[2012/08/30 15:27:52.491717, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.491855, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 1292 >[2012/08/30 15:27:52.492174, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.492298, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1264. 
>[2012/08/30 15:27:52.492423, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0508 (1288) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000004f0 (1264) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1264 
>[2012/08/30 15:27:52.499785, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 1024 bytes. There is more data outstanding >[2012/08/30 15:27:52.499925, 5] smbd/ipc.c:103(send_trans_reply) > send_trans_reply: buffer 1024 too large >[2012/08/30 15:27:52.500052, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) >[2012/08/30 15:27:52.500171, 3] smbd/error.c:81(error_packet_set) > error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW >[2012/08/30 15:27:52.500364, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.500427, 5] lib/util.c:342(show_msg) > size=1080 > smb_com=0x25 > smb_rcls=5 > smb_reh=0 > smb_err=32768 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6592 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1024 (0x400) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=1025 >[2012/08/30 15:27:52.501785, 10] ../lib/util/util.c:415(dump_data) 
> [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.506085, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:52.506374, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:52.506504, 3] smbd/process.c:1662(process_smb) > Transaction 25 of length 63 (0 toread) >[2012/08/30 15:27:52.506627, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.506689, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6656 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17755 (0x455B) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 264 (0x108) > smb_vwv[ 6]= 264 (0x108) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 264 (0x108) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:52.508853, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.508936, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.509063, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.509187, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 264 >[2012/08/30 15:27:52.509309, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 1288, current_pdu_sent = 1024 returning 264 bytes. 
>[2012/08/30 15:27:52.509456, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:52.509587, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.509844, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 264 bytes. There is more data outstanding >[2012/08/30 15:27:52.510060, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=264 max=264 nread=264 >[2012/08/30 15:27:52.520165, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 128 >[2012/08/30 15:27:52.520374, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x80 >[2012/08/30 15:27:52.520493, 3] smbd/process.c:1662(process_smb) > Transaction 26 of length 132 (0 toread) >[2012/08/30 15:27:52.520610, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.520674, 5] lib/util.c:342(show_msg) > size=128 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6720 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 44 (0x2C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1288 (0x508) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 44 (0x2C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17755 (0x455B) > smb_bcc=61 >[2012/08/30 15:27:52.522372, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... > [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 15 00 00 ........ ........ > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 .....?P. ..... 
>[2012/08/30 15:27:52.522753, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.522872, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.522997, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=44 params=0 setup=2 >[2012/08/30 15:27:52.523134, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.523249, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.523365, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.523482, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455b) >[2012/08/30 15:27:52.523647, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1288 >[2012/08/30 15:27:52.523765, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 44 >[2012/08/30 15:27:52.523896, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 44 >[2012/08/30 15:27:52.524031, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 >[2012/08/30 15:27:52.524184, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.524302, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.524419, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.524537, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 >[2012/08/30 15:27:52.524655, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.524771, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 28 >[2012/08/30 15:27:52.524887, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 >[2012/08/30 15:27:52.525022, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.525151, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x002c (44) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x001d (29) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=20 > [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.526669, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.526793, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:52.527063, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.527187, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER >[2012/08/30 15:27:52.527307, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[29].fn == 0x7fd50aed00b0 >[2012/08/30 15:27:52.527431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > in: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000015-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.528916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.529116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.529316, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.529509, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.529649, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_ClosePrinter: struct spoolss_ClosePrinter > out: struct spoolss_ClosePrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.530142, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.530272, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 28 >[2012/08/30 15:27:52.530404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1288 >[2012/08/30 15:27:52.530524, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. >[2012/08/30 15:27:52.530776, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000005 (5) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.532386, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.532573, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. 
There is no more data outstanding >[2012/08/30 15:27:52.532703, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.532844, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.532906, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6720 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.534270, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... > [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0030] 00 . 
>[2012/08/30 15:27:52.534726, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 102 >[2012/08/30 15:27:52.534851, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x66 >[2012/08/30 15:27:52.534997, 3] smbd/process.c:1662(process_smb) > Transaction 27 of length 106 (0 toread) >[2012/08/30 15:27:52.535115, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.535175, 5] lib/util.c:342(show_msg) > size=102 > smb_com=0xa2 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=6785 > smt_wct=24 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]= 4096 (0x1000) > smb_vwv[ 3]= 4096 (0x1000) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]=40704 (0x9F00) > smb_vwv[ 8]= 4609 (0x1201) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_vwv[14]= 0 (0x0) > smb_vwv[15]= 1792 (0x700) > smb_vwv[16]= 0 (0x0) > smb_vwv[17]= 256 (0x100) > smb_vwv[18]= 0 (0x0) > smb_vwv[19]=16384 (0x4000) > smb_vwv[20]=16384 (0x4000) > smb_vwv[21]= 512 (0x200) > smb_vwv[22]= 0 (0x0) > smb_vwv[23]= 768 (0x300) > smb_bcc=19 >[2012/08/30 15:27:52.537388, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s > [0010] 00 00 00 ... >[2012/08/30 15:27:52.537584, 3] smbd/process.c:1467(switch_message) > switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.537702, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.537842, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) > reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss >[2012/08/30 15:27:52.537958, 4] smbd/nttrans.c:288(nt_open_pipe) > nt_open_pipe: Opening pipe \spoolss. 
>[2012/08/30 15:27:52.538140, 5] smbd/files.c:140(file_new) > allocated file structure 13660, fnum = 17756 (2 used) >[2012/08/30 15:27:52.538280, 10] smbd/files.c:705(file_name_hash) > file_name_hash: /tmp/spoolss hash 0x7d4e46e5 >[2012/08/30 15:27:52.538403, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \spoolss >[2012/08/30 15:27:52.538527, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss >[2012/08/30 15:27:52.538687, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \spoolss (pipes_open=0) >[2012/08/30 15:27:52.538808, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) > do_ntcreate_pipe_open: open pipe = \spoolss >[2012/08/30 15:27:52.539585, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 41 >[2012/08/30 15:27:52.539741, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x29 >[2012/08/30 15:27:52.539868, 3] smbd/process.c:1662(process_smb) > Transaction 28 of length 45 (0 toread) >[2012/08/30 15:27:52.539985, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.540046, 5] lib/util.c:342(show_msg) > size=41 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6849 > smt_wct=3 > smb_vwv[ 0]=17755 (0x455B) > smb_vwv[ 1]=65535 (0xFFFF) > smb_vwv[ 2]=65535 (0xFFFF) > smb_bcc=0 >[2012/08/30 15:27:52.541197, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.541267, 3] smbd/process.c:1467(switch_message) > switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.541385, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.541503, 3] smbd/reply.c:4848(reply_close) > close fd=-1 fnum=17755 (numopen=2) >[2012/08/30 15:27:52.541621, 6] smbd/close.c:532(set_close_write_time) > close_write_time: Sun Feb 7 01:28:15 2106 >[2012/08/30 15:27:52.541762, 
5] smbd/files.c:482(file_free) > freed files structure 17755 (1 used) >[2012/08/30 15:27:52.541881, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.541944, 5] lib/util.c:342(show_msg) > size=35 > smb_com=0x4 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6849 > smt_wct=0 > smb_bcc=0 >[2012/08/30 15:27:52.542730, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.543297, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 224 >[2012/08/30 15:27:52.543428, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0xe0 >[2012/08/30 15:27:52.543618, 3] smbd/process.c:1662(process_smb) > Transaction 29 of length 228 (0 toread) >[2012/08/30 15:27:52.543738, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.543802, 5] lib/util.c:342(show_msg) > size=224 > smb_com=0x2f > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6913 > smt_wct=14 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17756 (0x455C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]=65535 (0xFFFF) > smb_vwv[ 6]=65535 (0xFFFF) > smb_vwv[ 7]= 8 (0x8) > smb_vwv[ 8]= 160 (0xA0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 160 (0xA0) > smb_vwv[11]= 64 (0x40) > smb_vwv[12]= 0 (0x0) > smb_vwv[13]= 0 (0x0) > smb_bcc=161 >[2012/08/30 15:27:52.545402, 10] ../lib/util/util.c:415(dump_data)
>[2012/08/30 15:27:52.546229, 3] smbd/process.c:1467(switch_message) > switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.546350, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.546469, 6] smbd/pipes.c:300(reply_pipe_write_and_X) > reply_pipe_write_and_X: 455c name: spoolss len: 160 >[2012/08/30 15:27:52.546606, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 160 >[2012/08/30 15:27:52.546724, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 160 >[2012/08/30 15:27:52.546841, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 >[2012/08/30 15:27:52.546970, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.547104, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.547221, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.547337, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 >[2012/08/30 15:27:52.547457, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.547612, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 144 >[2012/08/30 15:27:52.547729, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144
>[2012/08/30 15:27:52.547847, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.547971, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00a0 (160) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x03 (3) > ctx_list: ARRAY(3) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0001 (1) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 71710533-beba-4937-8319-b5dbef9ccc36 > if_version : 0x00000001 (1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0002 (2) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : 12345678-1234-abcd-ef00-0123456789ab > if_version : 0x00000001 (1) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : 6cb71c2c-9812-4540-0300-000000000000 > if_version : 0x00000001 (1) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.551355, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 11 >[2012/08/30 15:27:52.551523, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) 
> api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.551651, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) > api_pipe_bind_req: make response. 923 >[2012/08/30 15:27:52.551768, 3] rpc_server/srv_pipe.c:339(check_bind_req) > check_bind_req for \spoolss >[2012/08/30 15:27:52.551888, 3] rpc_server/srv_pipe.c:346(check_bind_req) > check_bind_req: \PIPE\spoolss -> \PIPE\spoolss >[2012/08/30 15:27:52.552018, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x000053f0 (21488) > secondary_address_size : 0x000e (14) > secondary_address : '\PIPE\spoolss' > _pad1 : DATA_BLOB length=0 > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 >[2012/08/30 15:27:52.553979, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 144 >[2012/08/30 15:27:52.554108, 3] smbd/pipes.c:361(pipe_write_andx_done) > writeX-IPC nwritten=160 >[2012/08/30 15:27:52.555024, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 59 >[2012/08/30 15:27:52.555166, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x3b >[2012/08/30 15:27:52.555284, 3] smbd/process.c:1662(process_smb) > Transaction 30 of length 63 (0 toread) >[2012/08/30 15:27:52.555401, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.555466, 5] lib/util.c:342(show_msg) > size=59 > smb_com=0x2e > 
smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=65279 > smb_uid=100 > smb_mid=6977 > smt_wct=12 > smb_vwv[ 0]= 255 (0xFF) > smb_vwv[ 1]=57054 (0xDEDE) > smb_vwv[ 2]=17756 (0x455C) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 1024 (0x400) > smb_vwv[ 6]= 1024 (0x400) > smb_vwv[ 7]=65535 (0xFFFF) > smb_vwv[ 8]=65535 (0xFFFF) > smb_vwv[ 9]= 1024 (0x400) > smb_vwv[10]= 0 (0x0) > smb_vwv[11]= 0 (0x0) > smb_bcc=0 >[2012/08/30 15:27:52.557073, 10] ../lib/util/util.c:415(dump_data) >[2012/08/30 15:27:52.557140, 3] smbd/process.c:1467(switch_message) > switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.557259, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.557382, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.557503, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) > read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. >[2012/08/30 15:27:52.557635, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 29 >[2012/08/30 15:27:52.557759, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 68 bytes. 
There is no more data outstanding >[2012/08/30 15:27:52.557877, 3] smbd/pipes.c:485(pipe_read_andx_done) > readX-IPC min=1024 max=1024 nread=68 >[2012/08/30 15:27:52.558662, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 292 >[2012/08/30 15:27:52.558798, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x124 >[2012/08/30 15:27:52.558916, 3] smbd/process.c:1662(process_smb) > Transaction 31 of length 296 (0 toread) >[2012/08/30 15:27:52.559033, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.559094, 5] lib/util.c:342(show_msg) > size=292 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7041 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 208 (0xD0) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 208 (0xD0) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17756 (0x455C) > smb_bcc=225 >[2012/08/30 15:27:52.560816, 10] ../lib/util/util.c:415(dump_data)
>[2012/08/30 15:27:52.561904, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.562022, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.562144, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=208 params=0 setup=2 >[2012/08/30 15:27:52.562264, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.562380, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.562496, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.562612, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455c) >[2012/08/30 15:27:52.562746, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:52.562864, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 208 >[2012/08/30 15:27:52.562981, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 208 >[2012/08/30 15:27:52.563098, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 >[2012/08/30 15:27:52.563215, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.563338, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.563455, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.563607, 10]
rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 >[2012/08/30 15:27:52.563728, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.563844, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 192 >[2012/08/30 15:27:52.563960, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 >[2012/08/30 15:27:52.564230, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.564354, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00d0 (208) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x000000b8 (184) > context_id : 0x0000 (0) > opnum : 0x0045 (69) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=184 > [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ > [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. > [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. > [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ > [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ > [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ > [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. 
> [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ > [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. > [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. > [00B0] 74 00 6F 00 72 00 00 00 t.o.r... >[2012/08/30 15:27:52.566621, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.566741, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. >[2012/08/30 15:27:52.566875, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.566995, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX >[2012/08/30 15:27:52.567114, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[69].fn == 0x7fd50aec9b10 >[2012/08/30 15:27:52.567236, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > in: struct spoolss_OpenPrinterEx > printername : * > printername : '\\orange\HP_4515' > datatype : NULL > devmode_ctr: struct spoolss_DevmodeContainer > _ndr_size : 0x00000000 (0) > devmode : NULL > access_mask : 0x00000000 (0) > 0: SERVER_ACCESS_ADMINISTER > 0: SERVER_ACCESS_ENUMERATE > 0: PRINTER_ACCESS_ADMINISTER > 0: PRINTER_ACCESS_USE > 0: JOB_ACCESS_ADMINISTER > 0: JOB_ACCESS_READ > level : 0x00000001 (1) > userlevel : union spoolss_UserLevel(case 1) > level1 : * > level1: struct spoolss_UserLevel1 > size : 0x00000028 (40) > client : * > client : 'PANAMA' > user : * > user : 'ACR\administrator' > build : 0x00001db1 (7601) > major : UNKNOWN_ENUM_VALUE (3) > minor : SPOOLSS_MINOR_VERSION_0 (0) > processor : PROCESSOR_ARCHITECTURE_AMD64 (9) > checking name: \\orange\HP_4515 >[2012/08/30 15:27:52.569045, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) > open_printer_hnd: name [\\orange\HP_4515] >[2012/08/30 15:27:52.569167, 4] 
rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.569361, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) > Setting printer type=\\orange\HP_4515 > Printer is a printer >[2012/08/30 15:27:52.569557, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) > Setting printer name=\\orange\HP_4515 (len=16) > searching for [HP_4515] >[2012/08/30 15:27:52.569753, 10] lib/gencache.c:183(gencache_set_data_blob) > Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 > (300 seconds ahead) > set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 >[2012/08/30 15:27:52.570001, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) > 1 printer handles active >[2012/08/30 15:27:52.570118, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.570312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.570532, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.570657, 3] lib/access.c:338(allow_access) > Allowed connection from 192.168.30.50 (192.168.30.50) >[2012/08/30 15:27:52.573851, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) > string_to_sid: SID root is not in a valid format >[2012/08/30 15:27:52.574037, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: ACR\root => domain=[ACR], name=[root] >[2012/08/30 15:27:52.574159, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.574281, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.574405, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.574523, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.574641, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.574758, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.574993, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] >[2012/08/30 15:27:52.576464, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) > ldapsam_getsampwnam: Unable to locate user [root] count=0 >[2012/08/30 15:27:52.576661, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.576809, 4] smbd/sec_ctx.c:214(push_sec_ctx) > push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 >[2012/08/30 15:27:52.576977, 4] smbd/uid.c:460(push_conn_ctx) > push_conn_ctx(100) : conn_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.577120, 4] smbd/sec_ctx.c:314(set_sec_ctx) > setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 
>[2012/08/30 15:27:52.577260, 5] ../libcli/security/security_token.c:53(security_token_debug) > Security token: (NULL) >[2012/08/30 15:27:52.577416, 5] auth/token_util.c:527(debug_unix_user_token) > UNIX token of user 0 > Primary group is 0 and contains 0 supplementary groups >[2012/08/30 15:27:52.577631, 5] lib/smbldap.c:1439(smbldap_search_ext) > smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] >[2012/08/30 15:27:52.579616, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) > ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) >[2012/08/30 15:27:52.579796, 4] smbd/sec_ctx.c:422(pop_sec_ctx) > pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 >[2012/08/30 15:27:52.579941, 10] passdb/lookup_sid.c:76(lookup_name) > lookup_name: Unix User\root => domain=[Unix User], name=[root] >[2012/08/30 15:27:52.580060, 10] passdb/lookup_sid.c:77(lookup_name) > lookup_name: flags = 0x073 >[2012/08/30 15:27:52.580189, 5] lib/username.c:171(Get_Pwnam_alloc) > Finding user root >[2012/08/30 15:27:52.580306, 5] lib/username.c:116(Get_Pwnam_internals) > Trying _Get_Pwnam(), username as lowercase is root >[2012/08/30 15:27:52.580480, 5] lib/username.c:149(Get_Pwnam_internals) > Get_Pwnam_internals did find user [root]! 
>[2012/08/30 15:27:52.580603, 10] smbd/share_access.c:241(user_ok_token) > user_ok_token: share HP_4515 is ok for unix user administrator >[2012/08/30 15:27:52.580752, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) > Setting printer access = PRINTER_ACCESS_USE >[2012/08/30 15:27:52.580875, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.581002, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.581121, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.581244, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.581379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.582144, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.582265, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.582387, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.582507, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.582637, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.582754, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.582901, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.583036, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.583158, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.583356, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.583901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.585473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.585696, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.585818, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.585940, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.586062, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.586182, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.586298, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.586450, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.586591, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.586713, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.586845, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.586963, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.587105, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.587221, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.587361, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.587550, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.587680, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.587802, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.587920, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.588038, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.588414, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.588551, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.588717, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.588838, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.588960, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.589099, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.589224, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.589341, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.589491, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.589613, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.589765, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.589884, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.590004, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.590120, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.590277, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.590398, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.590519, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.590638, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.590761, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.590878, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.591468, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.591657, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.591782, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.591905, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592025, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592146, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.592306, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592452, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.592589, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.592711, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.592834, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.592955, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.593074, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.593193, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.593331, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.593453, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.593652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.594147, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) > winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists >[2012/08/30 15:27:52.594279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000022-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.594711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.594925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.595130, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.595250, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.595388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.596100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000021-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.596567, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.596764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.596975, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.597095, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.597213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.597695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx > out: struct spoolss_OpenPrinterEx > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.598174, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.598301, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 192 >[2012/08/30 15:27:52.598434, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.598554, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
>[2012/08/30 15:27:52.598680, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 00 00 00 00 ........ >[2012/08/30 15:27:52.600287, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 1460 >[2012/08/30 15:27:52.600410, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.600555, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 48 bytes. There is no more data outstanding >[2012/08/30 15:27:52.600675, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..48] (align 0) >[2012/08/30 15:27:52.600793, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.600855, 5] lib/util.c:342(show_msg) > size=104 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7041 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 48 (0x30) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 48 (0x30) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=49 >[2012/08/30 15:27:52.602236, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... 
> [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 00 00 ........ ..... .. > [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ > [0030] 00 . >[2012/08/30 15:27:52.605310, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 140 >[2012/08/30 15:27:52.605592, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x8c >[2012/08/30 15:27:52.605725, 3] smbd/process.c:1662(process_smb) > Transaction 32 of length 144 (0 toread) >[2012/08/30 15:27:52.605844, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.605905, 5] lib/util.c:342(show_msg) > size=140 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7105 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 56 (0x38) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 56 (0x38) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17756 (0x455C) > smb_bcc=73 >[2012/08/30 15:27:52.607688, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... > [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... > [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 20 00 00 . ...... ..... .. > [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ > [0040] 00 00 00 00 00 00 00 00 00 ........ . 
>[2012/08/30 15:27:52.608169, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.608307, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.608449, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=56 params=0 setup=2 >[2012/08/30 15:27:52.608586, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.608705, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.608833, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.608959, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455c) >[2012/08/30 15:27:52.609089, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:52.609208, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 56 >[2012/08/30 15:27:52.609352, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 56 >[2012/08/30 15:27:52.609486, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 >[2012/08/30 15:27:52.609620, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.609754, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.609873, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.609991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 >[2012/08/30 15:27:52.610121, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.610246, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 40 >[2012/08/30 15:27:52.610365, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 >[2012/08/30 15:27:52.610623, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.610752, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0038 (56) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000020 (32) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=32 > [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ >[2012/08/30 15:27:52.612678, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.612823, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:52.612990, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.613132, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.613270, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.613395, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : NULL > offered : 0x00000000 (0) >[2012/08/30 15:27:52.614037, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.614270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.614482, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.614644, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.614785, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.614904, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.615045, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.615196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.616100, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.616224, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.616346, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.616463, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.616597, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.616716, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.616862, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.616996, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX 
desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.617135, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.617332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.617857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.619529, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.619751, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.619887, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.620032, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.620152, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.620287, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.620428, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.620572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.620708, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.620844, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.620967, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621086, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621206, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.621322, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621471, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.621640, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.621758, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.621895, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622028, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622162, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.622295, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622444, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.622578, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.622721, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.622872, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.622992, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.623112, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.623231, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.623376, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.623552, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.623702, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.623836, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.624103, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.624223, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.624363, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.624484, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.624622, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.624750, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.624874, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.625007, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.625146, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.625299, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.625435, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.625559, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.625693, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.625814, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.625946, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.626100, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.626252, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.626375, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.626510, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.626662, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.626803, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.626937, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.627071, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.627293, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.627562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.628121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.628915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.629129, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.629285, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.629448, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.629572, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.629691, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.629813, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.629948, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > 
regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.630086, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.630207, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.630345, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.630480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.630602, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.630724, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.630853, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.630972, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.631219, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.631364, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.631598, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.631722, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.631858, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.631990, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.632146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.633732, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.635065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.635279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.635424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.636990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.638412, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.638641, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.638783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.640497, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.641863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.642062, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.642185, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.643564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.644947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.645160, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.645297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.648971, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.650390, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.650613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.650740, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.653853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.655245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.655449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.655622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.657941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.659348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.659585, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.659725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.661342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.662708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.662925, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.663063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x04 (4) > [3] : 0x80 (128) > [4] : 0x14 (20) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > [8] : 0x24 (36) > [9] : 0x00 (0) > [10] : 0x00 (0) > [11] : 0x00 (0) > [12] : 0x00 (0) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > [16] : 0x34 (52) > [17] : 0x00 (0) > [18] : 0x00 (0) > [19] : 0x00 (0) > [20] : 0x01 (1) > [21] : 0x02 (2) > [22] : 0x00 (0) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > [26] : 0x00 (0) > [27] : 0x05 (5) > [28] : 0x20 (32) > [29] : 0x00 (0) > [30] : 0x00 (0) > [31] : 0x00 (0) > [32] : 0x20 (32) > [33] : 0x02 (2) > [34] : 0x00 (0) > [35] : 0x00 (0) > [36] : 0x01 (1) > [37] : 0x02 (2) > [38] : 0x00 (0) > [39] : 0x00 (0) > [40] : 0x00 (0) > [41] : 0x00 (0) > [42] : 0x00 (0) > [43] : 0x05 (5) > [44] : 0x20 (32) > [45] : 0x00 (0) > [46] : 0x00 (0) > [47] : 0x00 (0) > [48] : 0x20 (32) > [49] : 0x02 (2) > [50] : 0x00 (0) > [51] : 0x00 (0) > [52] : 0x02 (2) > [53] : 0x00 (0) > [54] : 0xc4 (196) > [55] : 0x00 (0) > [56] : 0x07 (7) > [57] : 0x00 (0) > [58] : 0x00 (0) > [59] : 0x00 (0) > [60] : 0x00 (0) > [61] : 0x02 (2) > [62] : 0x14 (20) > [63] : 0x00 (0) > [64] : 0x08 (8) > [65] : 0x00 (0) > [66] : 0x02 (2) > [67] : 0x20 (32) > [68] : 0x01 (1) > [69] : 0x01 (1) > [70] : 0x00 (0) > [71] : 0x00 (0) > [72] : 0x00 (0) > [73] : 0x00 (0) > [74] : 0x00 (0) > [75] : 0x01 (1) > [76] : 0x00 (0) > [77] : 0x00 (0) > [78] : 0x00 (0) > [79] : 0x00 (0) 
> [80] : 0x00 (0) > [81] : 0x09 (9) > [82] : 0x24 (36) > [83] : 0x00 (0) > [84] : 0x0c (12) > [85] : 0x00 (0) > [86] : 0x0f (15) > [87] : 0x10 (16) > [88] : 0x01 (1) > [89] : 0x05 (5) > [90] : 0x00 (0) > [91] : 0x00 (0) > [92] : 0x00 (0) > [93] : 0x00 (0) > [94] : 0x00 (0) > [95] : 0x05 (5) > [96] : 0x15 (21) > [97] : 0x00 (0) > [98] : 0x00 (0) > [99] : 0x00 (0) > [100] : 0x1b (27) > [101] : 0xea (234) > [102] : 0xaf (175) > [103] : 0xc2 (194) > [104] : 0xc0 (192) > [105] : 0x3c (60) > [106] : 0x7d (125) > [107] : 0xdd (221) > [108] : 0x2c (44) > [109] : 0x8f (143) > [110] : 0x72 (114) > [111] : 0xd3 (211) > [112] : 0x00 (0) > [113] : 0x02 (2) > [114] : 0x00 (0) > [115] : 0x00 (0) > [116] : 0x00 (0) > [117] : 0x02 (2) > [118] : 0x24 (36) > [119] : 0x00 (0) > [120] : 0x0c (12) > [121] : 0x00 (0) > [122] : 0x0f (15) > [123] : 0x10 (16) > [124] : 0x01 (1) > [125] : 0x05 (5) > [126] : 0x00 (0) > [127] : 0x00 (0) > [128] : 0x00 (0) > [129] : 0x00 (0) > [130] : 0x00 (0) > [131] : 0x05 (5) > [132] : 0x15 (21) > [133] : 0x00 (0) > [134] : 0x00 (0) > [135] : 0x00 (0) > [136] : 0x1b (27) > [137] : 0xea (234) > [138] : 0xaf (175) > [139] : 0xc2 (194) > [140] : 0xc0 (192) > [141] : 0x3c (60) > [142] : 0x7d (125) > [143] : 0xdd (221) > [144] : 0x2c (44) > [145] : 0x8f (143) > [146] : 0x72 (114) > [147] : 0xd3 (211) > [148] : 0x00 (0) > [149] : 0x02 (2) > [150] : 0x00 (0) > [151] : 0x00 (0) > [152] : 0x00 (0) > [153] : 0x09 (9) > [154] : 0x18 (24) > [155] : 0x00 (0) > [156] : 0x0c (12) > [157] : 0x00 (0) > [158] : 0x0f (15) > [159] : 0x10 (16) > [160] : 0x01 (1) > [161] : 0x02 (2) > [162] : 0x00 (0) > [163] : 0x00 (0) > [164] : 0x00 (0) > [165] : 0x00 (0) > [166] : 0x00 (0) > [167] : 0x05 (5) > [168] : 0x20 (32) > [169] : 0x00 (0) > [170] : 0x00 (0) > [171] : 0x00 (0) > [172] : 0x20 (32) > [173] : 0x02 (2) > [174] : 0x00 (0) > [175] : 0x00 (0) > [176] : 0x00 (0) > [177] : 0x02 (2) > [178] : 0x18 (24) > [179] : 0x00 (0) > [180] : 0x0c (12) > [181] : 0x00 (0) > [182] : 0x0f (15) > 
[183] : 0x10 (16) > [184] : 0x01 (1) > [185] : 0x02 (2) > [186] : 0x00 (0) > [187] : 0x00 (0) > [188] : 0x00 (0) > [189] : 0x00 (0) > [190] : 0x00 (0) > [191] : 0x05 (5) > [192] : 0x20 (32) > [193] : 0x00 (0) > [194] : 0x00 (0) > [195] : 0x00 (0) > [196] : 0x20 (32) > [197] : 0x02 (2) > [198] : 0x00 (0) > [199] : 0x00 (0) > [200] : 0x00 (0) > [201] : 0x09 (9) > [202] : 0x18 (24) > [203] : 0x00 (0) > [204] : 0x0c (12) > [205] : 0x00 (0) > [206] : 0x0f (15) > [207] : 0x10 (16) > [208] : 0x01 (1) > [209] : 0x02 (2) > [210] : 0x00 (0) > [211] : 0x00 (0) > [212] : 0x00 (0) > [213] : 0x00 (0) > [214] : 0x00 (0) > [215] : 0x05 (5) > [216] : 0x20 (32) > [217] : 0x00 (0) > [218] : 0x00 (0) > [219] : 0x00 (0) > [220] : 0x26 (38) > [221] : 0x02 (2) > [222] : 0x00 (0) > [223] : 0x00 (0) > [224] : 0x00 (0) > [225] : 0x02 (2) > [226] : 0x18 (24) > [227] : 0x00 (0) > [228] : 0x0c (12) > [229] : 0x00 (0) > [230] : 0x0f (15) > [231] : 0x10 (16) > [232] : 0x01 (1) > [233] : 0x02 (2) > [234] : 0x00 (0) > [235] : 0x00 (0) > [236] : 0x00 (0) > [237] : 0x00 (0) > [238] : 0x00 (0) > [239] : 0x05 (5) > [240] : 0x20 (32) > [241] : 0x00 (0) > [242] : 0x00 (0) > [243] : 0x00 (0) > [244] : 0x26 (38) > [245] : 0x02 (2) > [246] : 0x00 (0) > [247] : 0x00 (0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.680558, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.681950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.682164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.682290, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.684633, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.685995, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.686195, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.686316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.687762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.689216, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.689416, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.689541, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.690892, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.692493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.692698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.692852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.696299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.697772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.697987, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.698117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.700504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.701879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.702103, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.702244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.703472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.705752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.705969, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.706099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.707374, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.709719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.709976, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.710104, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.711427, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.713404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.713614, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.713758, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.715128, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.716597, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.717661, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.717829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.719259, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.720739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.720943, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.721079, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.721203, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.721323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.722025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.722853, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.722995, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.723119, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.723238, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.723359, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.723478, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.724508, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.724646, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.724771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.725032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.725590, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.727250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.727469, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.727643, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.727783, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.727917, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.728038, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.728156, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.728329, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.728480, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.728615, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.728773, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729029, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729151, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.729270, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729432, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.729582, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.729726, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.729850, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.729977, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.730102, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.730236, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.730386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.730520, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.730642, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.730780, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.730900, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.731037, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.731156, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.731301, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.731439, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.731597, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.731732, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.731853, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.731980, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.732128, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.732426, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.732550, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.732692, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.732813, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.733058, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.733216, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.733419, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.733544, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.733670, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.733800, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.733922, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.734042, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.734202, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.734375, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.734517, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.734642, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.734780, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.734916, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.735051, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.735172, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.735295, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.735564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.736148, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.737458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.737683, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.737805, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.737937, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.738078, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.738229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.738370, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.738486, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.738704, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.738842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.738965, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.739101, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.739223, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.739359, 10] 
registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.739481, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.739626, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.739748, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.739870, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.740006, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.740161, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.740283, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.740444, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.740580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.740725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.741499, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 
00000026-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.742830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.743029, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.743151, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.743291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.760598, 1] 
../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000026-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.761074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.761273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.761472, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.761610, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.761736, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.762262, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000025-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.762706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.762925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.763123, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.763247, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.763385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.763964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000024-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.764432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.764633, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.764844, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.764986, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.765146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.765654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000023-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.766087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.766286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.766496, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.766630, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.766764, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.767348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : NULL > needed : * > needed : 0x00000308 (776) > result : WERR_INSUFFICIENT_BUFFER >[2012/08/30 15:27:52.767997, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) > api_rpcTNP: called \spoolss successfully >[2012/08/30 15:27:52.768136, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 40 >[2012/08/30 15:27:52.768281, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) > name: \spoolss len: 1024 >[2012/08/30 15:27:52.768417, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) > read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. >[2012/08/30 15:27:52.768543, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0024 (36) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x0000000c (12) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=12 > [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... 
>[2012/08/30 15:27:52.769927, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) > free_pipe_context: destroying talloc pool of size 4526 >[2012/08/30 15:27:52.770056, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) > close_policy_by_pipe: deleted handle list for pipe \winreg >[2012/08/30 15:27:52.770221, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) > Received 36 bytes. There is no more data outstanding >[2012/08/30 15:27:52.770341, 5] smbd/ipc.c:62(copy_trans_params_and_data) > copy_trans_params_and_data: params[0..0] data[0..36] (align 0) >[2012/08/30 15:27:52.770477, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.770541, 5] lib/util.c:342(show_msg) > size=92 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=136 > smb_flg2=51203 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7105 > smt_wct=10 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 36 (0x24) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 0 (0x0) > smb_vwv[ 4]= 56 (0x38) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 36 (0x24) > smb_vwv[ 7]= 56 (0x38) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_bcc=37 >[2012/08/30 15:27:52.772061, 10] ../lib/util/util.c:415(dump_data) > [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... > [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ > [0020] 00 7A 00 00 00 .z... 
>[2012/08/30 15:27:52.774980, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) > got smb length of 1392 >[2012/08/30 15:27:52.775193, 6] smbd/process.c:1660(process_smb) > got message type 0x0 of len 0x570 >[2012/08/30 15:27:52.775316, 3] smbd/process.c:1662(process_smb) > Transaction 33 of length 1396 (0 toread) >[2012/08/30 15:27:52.775436, 5] lib/util.c:332(show_msg) >[2012/08/30 15:27:52.775558, 5] lib/util.c:342(show_msg) > size=1392 > smb_com=0x25 > smb_rcls=0 > smb_reh=0 > smb_err=0 > smb_flg=24 > smb_flg2=51207 > smb_tid=1 > smb_pid=1080 > smb_uid=100 > smb_mid=7169 > smt_wct=16 > smb_vwv[ 0]= 0 (0x0) > smb_vwv[ 1]= 1308 (0x51C) > smb_vwv[ 2]= 0 (0x0) > smb_vwv[ 3]= 1024 (0x400) > smb_vwv[ 4]= 0 (0x0) > smb_vwv[ 5]= 0 (0x0) > smb_vwv[ 6]= 0 (0x0) > smb_vwv[ 7]= 0 (0x0) > smb_vwv[ 8]= 0 (0x0) > smb_vwv[ 9]= 0 (0x0) > smb_vwv[10]= 84 (0x54) > smb_vwv[11]= 1308 (0x51C) > smb_vwv[12]= 84 (0x54) > smb_vwv[13]= 2 (0x2) > smb_vwv[14]= 38 (0x26) > smb_vwv[15]=17756 (0x455C) > smb_bcc=1325 >[2012/08/30 15:27:52.777333, 10] ../lib/util/util.c:415(dump_data) 
>[2012/08/30 15:27:52.780139, 3] smbd/process.c:1467(switch_message) > switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 >[2012/08/30 15:27:52.780425, 4] smbd/uid.c:351(change_to_user) > Skipping user change - already user >[2012/08/30 15:27:52.780560, 3] smbd/ipc.c:560(handle_trans) > trans <\PIPE\> data=1308 params=0 setup=2 >[2012/08/30 15:27:52.780686, 5] smbd/ipc.c:593(handle_trans) > calling named_pipe >[2012/08/30 15:27:52.780849, 3] smbd/ipc.c:511(named_pipe) > named pipe command on <> name >[2012/08/30 15:27:52.780971, 5] smbd/ipc.c:434(api_fd_reply) > api_fd_reply >[2012/08/30 15:27:52.781107, 3] smbd/ipc.c:475(api_fd_reply) > Got API command 0x26 on pipe "spoolss" (pnum 455c) >[2012/08/30 15:27:52.781245, 10] smbd/ipc.c:477(api_fd_reply) > api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 >[2012/08/30 15:27:52.781384, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) > np_write_send: len: 1308 >[2012/08/30 15:27:52.781546, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1308 >[2012/08/30 15:27:52.781668, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 >[2012/08/30 15:27:52.781805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) > fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 >[2012/08/30 15:27:52.781940, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 16 >[2012/08/30 15:27:52.782062, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.782182, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 >[2012/08/30 15:27:52.782303, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) > write_to_pipe: data_used = 0 >[2012/08/30 15:27:52.782439, 10] 
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) > write_to_pipe: data_left = 1292 >[2012/08/30 15:27:52.782574, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) > process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 >[2012/08/30 15:27:52.782711, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) > PDU is in Little Endian format! >[2012/08/30 15:27:52.782839, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x051c (1308) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000504 (1284) > context_id : 0x0000 (0) > opnum : 0x0008 (8) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=1284 >[2012/08/30 15:27:52.791104, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) > Processing packet type 0 >[2012/08/30 15:27:52.791247, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) > Checking request auth. 
>[2012/08/30 15:27:52.791542, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) > Requested \PIPE\\spoolss >[2012/08/30 15:27:52.791682, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) > api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER >[2012/08/30 15:27:52.791819, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) > api_rpc_cmds[8].fn == 0x7fd50aed3850 >[2012/08/30 15:27:52.791949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > in: struct spoolss_GetPrinter > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000020-0000-0000-3f50-b8beee0b0000 > level : 0x00000002 (2) > buffer : * > buffer : DATA_BLOB length=1248 > offered : 0x000004e0 (1248) >[2012/08/30 15:27:52.799928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.800164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.800375, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) > short name:HP_4515 >[2012/08/30 15:27:52.800524, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) > Create pipe requested \winreg >[2012/08/30 15:27:52.800666, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) > init_pipe_handle_list: created handle list for pipe \winreg >[2012/08/30 15:27:52.800800, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) > init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg >[2012/08/30 15:27:52.800928, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) > Created internal pipe \winreg (pipes_open=0) >[2012/08/30 15:27:52.801069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.801904, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.802039, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (2->3) >[2012/08/30 15:27:52.802175, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.802320, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.802456, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.802574, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.802738, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.802874, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX 
desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.803006, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.803210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.803761, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.805569, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.805790, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.805911, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (3->4) >[2012/08/30 15:27:52.806049, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.806182, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.806303, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.806422, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.806569, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.806722, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.806857, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.806995, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807114, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807249, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.807385, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807560, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.807719, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.807855, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.808021, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808138, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808275, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.808394, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808531, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.808666, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.808802, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.808925, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.809044, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.809185, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.809305, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.809466, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.809601, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.809723, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.809857, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.809978, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.810111, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.810382, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.810509, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.810650, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.810771, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.810893, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.811019, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.811175, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.811327, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.811449, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.811767, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.811902, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.812040, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.812184, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.812353, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.812512, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.812653, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.812791, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.814654, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.814813, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.814936, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.815074, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.815198, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[2] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.815414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.816155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > in: struct winreg_QueryInfoKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL >[2012/08/30 15:27:52.816920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.817125, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.817259, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.817405, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.817543, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.817665, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.817787, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.817906, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > 
regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.818042, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.818178, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.818315, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.818437, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.818558, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.818694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.818816, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.818952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.819074, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.819209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.819329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.819464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.819648, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.819771, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.826429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryInfoKey: struct winreg_QueryInfoKey > out: struct winreg_QueryInfoKey > classname : * > classname: struct winreg_String > name_len : 0x0000 (0) > name_size : 0x0000 (0) > name : NULL > num_subkeys : * > num_subkeys : 0x00000003 (3) > max_subkeylen : * > max_subkeylen : 0x00000022 (34) > max_classlen : * > max_classlen : 0x00000000 (0) > num_values : * > num_values : 0x00000012 (18) > max_valnamelen : * > max_valnamelen : 0x00000022 (34) > max_valbufsize : * > max_valbufsize : 0x000000f8 (248) > secdescsize : * > secdescsize : 0x00000078 (120) > last_changed_time : * > last_changed_time : NTTIME(0) > result : WERR_OK >[2012/08/30 15:27:52.828244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000000 (0) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.829843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.830065, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.830209, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Attributes' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x48 (72) > [1] : 0x10 (16) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.831704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000001 (1) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.833147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.833370, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.833511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Datatype' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(8) > [0] : 0x52 (82) > [1] : 0x00 (0) > [2] : 0x41 (65) > [3] : 0x00 (0) > [4] : 0x57 (87) > [5] : 0x00 (0) > [6] : 0x00 (0) > [7] : 0x00 (0) > size : * > size : 0x00000008 (8) > length : * > length : 0x00000008 (8) > result : WERR_OK >[2012/08/30 15:27:52.835568, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000002 (2) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.836981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.837180, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.837354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0022 (34) > size : 0x0024 (36) > name : * > name : 'Default Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.838767, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000003 (3) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.840379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.840590, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.840722, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Port' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(38) > [0] : 0x53 (83) > [1] : 0x00 (0) > [2] : 0x61 (97) > [3] : 0x00 (0) > [4] : 0x6d (109) > [5] : 0x00 (0) > [6] : 0x62 (98) > [7] : 0x00 (0) > [8] : 0x61 (97) > [9] : 0x00 (0) > [10] : 0x20 (32) > [11] : 0x00 (0) > [12] : 0x50 (80) > [13] : 0x00 (0) > [14] : 0x72 (114) > [15] : 0x00 (0) > [16] : 0x69 (105) > [17] : 0x00 (0) > [18] : 0x6e (110) > [19] : 0x00 (0) > [20] : 0x74 (116) > [21] : 0x00 (0) > [22] : 0x65 (101) > [23] : 0x00 (0) > [24] : 0x72 (114) > [25] : 0x00 (0) > [26] : 0x20 (32) > [27] : 0x00 (0) > [28] : 0x50 (80) > [29] : 0x00 (0) > [30] : 0x6f (111) > [31] : 0x00 (0) > [32] : 0x72 (114) > [33] : 0x00 (0) > [34] : 0x74 (116) > [35] : 0x00 (0) > [36] : 0x00 (0) > [37] : 0x00 (0) > size : * > size : 0x00000026 (38) > length : * > length : 0x00000026 (38) > result : WERR_OK >[2012/08/30 15:27:52.844422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000004 (4) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.845860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.846078, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.846219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000a (10) > size : 0x0024 (36) > name : * > name : 'Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.848331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000005 (5) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.849618, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.849853, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.849977, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0020 (32) > size : 0x0024 (36) > name : * > name : 'Print Processor' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(18) > [0] : 0x77 (119) > [1] : 0x00 (0) > [2] : 0x69 (105) > [3] : 0x00 (0) > [4] : 0x6e (110) > [5] : 0x00 (0) > [6] : 0x70 (112) > [7] : 0x00 (0) > [8] : 0x72 (114) > [9] : 0x00 (0) > [10] : 0x69 (105) > [11] : 0x00 (0) > [12] : 0x6e (110) > [13] : 0x00 (0) > [14] : 0x74 (116) > [15] : 0x00 (0) > [16] : 0x00 (0) > [17] : 0x00 (0) > size : * > size : 0x00000012 (18) > length : * > length : 0x00000012 (18) > result : WERR_OK >[2012/08/30 15:27:52.852266, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000006 (6) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.853576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.853770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.853890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Priority' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x01 (1) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.855426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000007 (7) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.856784, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.856982, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.857103, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > value : * > value: ARRAY(248) > size : * > size : 0x000000f8 (248) > length : * > length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.873534, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000008 (8) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.875348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > 
Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.876533, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.876662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Share Name' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.878769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000009 (9) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.880076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.880274, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.880438, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'StartTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.881769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000a (10) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.883045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.883240, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.883361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0014 (20) > size : 0x0024 (36) > name : * > name : 'UntilTime' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.884768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000b (11) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.886129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.886329, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.886458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0018 (24) > size : 0x0024 (36) > name : * > name : 'Description' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(26) > [0] : 0x63 (99) > [1] : 0x00 (0) > [2] : 0x75 (117) > [3] : 0x00 (0) > [4] : 0x70 (112) > [5] : 0x00 (0) > [6] : 0x73 (115) > [7] : 0x00 (0) > [8] : 0x20 (32) > [9] : 0x00 (0) > [10] : 0x70 (112) > [11] : 0x00 (0) > [12] : 0x72 (114) > [13] : 0x00 (0) > [14] : 0x69 (105) > [15] : 0x00 (0) > [16] : 0x6e (110) > [17] : 0x00 (0) > [18] : 0x74 (116) > [19] : 0x00 (0) > [20] : 0x65 (101) > [21] : 0x00 (0) > [22] : 0x72 (114) > [23] : 0x00 (0) > [24] : 0x00 (0) > [25] : 0x00 (0) > size : * > size : 0x0000001a (26) > length : * > length : 0x0000001a (26) > result : WERR_OK >[2012/08/30 15:27:52.889346, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000c (12) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.890649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.890845, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.890967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Printer Driver' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(16) > [0] : 0x48 (72) > [1] : 0x00 (0) > [2] : 0x50 (80) > [3] : 0x00 (0) > [4] : 0x5f (95) > [5] : 0x00 (0) > [6] : 0x34 (52) > [7] : 0x00 (0) > [8] : 0x35 (53) > [9] : 0x00 (0) > [10] : 0x31 (49) > [11] : 0x00 (0) > [12] : 0x35 (53) > [13] : 0x00 (0) > [14] : 0x00 (0) > [15] : 0x00 (0) > size : * > size : 0x00000010 (16) > length : * > length : 0x00000010 (16) > result : WERR_OK >[2012/08/30 15:27:52.893077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000d (13) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.894717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.894936, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.895063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'Location' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.896321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000e (14) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.897662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.897870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.897997, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0016 (22) > size : 0x0024 (36) > name : * > name : 'Parameters' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.899219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x0000000f (15) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.900757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.900955, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.901077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x001e (30) > size : 0x0024 (36) > name : * > name : 'Separator File' > type : * > type : REG_SZ (1) > value : * > value: ARRAY(2) > [0] : 0x00 (0) > [1] : 0x00 (0) > size : * > size : 0x00000002 (2) > length : * > length : 0x00000002 (2) > result : WERR_OK >[2012/08/30 15:27:52.902323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000010 (16) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.903671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.903870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.904029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x000e (14) > size : 0x0024 (36) > name : * > name : 'Status' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x00 (0) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.905339, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > in: struct winreg_EnumValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > enum_index : 0x00000011 (17) > name : * > name: struct winreg_ValNameBuf > length : 0x0002 (2) > size : 0x0024 (36) > name : * > name : '' > type : * > type : REG_NONE (0) > value : * > value: ARRAY(0) > size : * > size : 0x000000f8 (248) > length : * > length : 0x00000000 (0) >[2012/08/30 15:27:52.906651, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.906862, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) > _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.906983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_EnumValue: struct winreg_EnumValue > out: struct winreg_EnumValue > name : * > name: struct winreg_ValNameBuf > length : 0x0012 (18) > size : 0x0024 (36) > name : * > name : 'ChangeID' > type : * > type : REG_DWORD (4) > value : * > value: ARRAY(4) > [0] : 0x09 (9) > [1] : 0x7d (125) > [2] : 0x00 (0) > [3] : 0x00 (0) > size : * > size : 0x00000004 (4) > length : * > length : 0x00000004 (4) > result : WERR_OK >[2012/08/30 15:27:52.908418, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0020 (32) > name_size : 0x0020 (32) > name : * > name : 'Default DevMode' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.909679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.909879, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.910001, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.910122, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) > _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE >[2012/08/30 15:27:52.910338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) > result : WERR_BADFILE >[2012/08/30 15:27:52.911039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > in: struct winreg_OpenHKLM > system_name : NULL > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.912021, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HKLM] >[2012/08/30 15:27:52.912146, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (4->5) >[2012/08/30 15:27:52.912268, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM] >[2012/08/30 15:27:52.912385, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM] >[2012/08/30 15:27:52.912519, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.912635, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] >[2012/08/30 15:27:52.912781, 10] 
registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM] >[2012/08/30 15:27:52.912919, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.913042, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[3] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.913240, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenHKLM: struct winreg_OpenHKLM > out: struct winreg_OpenHKLM > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.913747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > in: struct winreg_OpenKey > parent_handle : * > parent_handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-3f50-b8beee0b0000 > keyname: struct winreg_String > name_len : 0x0088 (136) > name_size : 0x0088 (136) > name : * > name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' > options : 0x00000000 (0) > 0: REG_OPTION_VOLATILE > 0: REG_OPTION_CREATE_LINK > 0: REG_OPTION_BACKUP_RESTORE > 0: REG_OPTION_OPEN_LINK > access_mask : 0x02000000 (33554432) > 0: KEY_QUERY_VALUE > 0: KEY_SET_VALUE > 0: KEY_CREATE_SUB_KEY > 0: KEY_ENUMERATE_SUB_KEYS > 0: KEY_NOTIFY > 0: KEY_CREATE_LINK > 0: KEY_WOW64_64KEY > 0: KEY_WOW64_32KEY >[2012/08/30 15:27:52.915741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.915993, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [SOFTWARE] >[2012/08/30 15:27:52.916132, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (5->6) >[2012/08/30 15:27:52.916277, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.916394, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.916515, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.916631, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] >[2012/08/30 15:27:52.916778, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] >[2012/08/30 15:27:52.916979, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Microsoft] >[2012/08/30 15:27:52.917099, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (6->7) >[2012/08/30 15:27:52.917220, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917341, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917461, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.917578, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917718, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] >[2012/08/30 15:27:52.917853, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Windows NT] >[2012/08/30 15:27:52.917971, 10] registry/reg_backend_db.c:583(regdb_open) 
> regdb_open: incrementing refcount (7->8) >[2012/08/30 15:27:52.918095, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918211, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918329, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.918446, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918598, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] >[2012/08/30 15:27:52.918732, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [CurrentVersion] >[2012/08/30 15:27:52.918852, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (8->9) >[2012/08/30 15:27:52.918976, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.919092, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.919210, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.919343, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] >[2012/08/30 15:27:52.919487, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Print] >[2012/08/30 15:27:52.919637, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (9->10) >[2012/08/30 15:27:52.919785, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.919903, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.920050, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.920167, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] >[2012/08/30 15:27:52.920310, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [Printers] >[2012/08/30 15:27:52.920433, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (10->11) >[2012/08/30 15:27:52.920554, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.920671, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.920789, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.920907, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.921044, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] >[2012/08/30 15:27:52.921180, 7] registry/reg_api.c:141(regkey_open_onelevel) > regkey_open_onelevel: name = [HP_4515] >[2012/08/30 15:27:52.921301, 10] registry/reg_backend_db.c:583(regdb_open) > regdb_open: incrementing refcount (11->12) >[2012/08/30 15:27:52.921422, 10] registry/reg_cachehook.c:122(reghook_cache_find) > reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.921539, 10] lib/adt_tree.c:367(pathtree_find) > pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.921660, 10] lib/adt_tree.c:440(pathtree_find) > pathtree_find: Exit >[2012/08/30 15:27:52.921775, 10] registry/reg_cachehook.c:127(reghook_cache_find) > reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.921913, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) > regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.922066, 10] ../libcli/security/access_check.c:178(se_access_check) > se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f >[2012/08/30 15:27:52.922187, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (12->11) >[2012/08/30 15:27:52.922305, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (11->10) >[2012/08/30 15:27:52.922434, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (10->9) >[2012/08/30 15:27:52.922558, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (9->8) >[2012/08/30 15:27:52.922677, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (8->7) >[2012/08/30 15:27:52.922794, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (7->6) >[2012/08/30 15:27:52.922916, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) > Opened policy hnd[4] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.923111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_OpenKey: struct winreg_OpenKey > out: struct winreg_OpenKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-3f50-b8beee0b0000 > result : WERR_OK >[2012/08/30 15:27:52.923805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_NONE (0) > data : NULL > data_size : * > data_size : 0x00000000 (0) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.925048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.925247, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.925385, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.925504, 10] registry/reg_dispatcher.c:150(fetch_reg_values) > fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) >[2012/08/30 15:27:52.925625, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) > regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.925782, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[0]: name[Attributes] len[4] >[2012/08/30 15:27:52.925903, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[1]: name[Datatype] len[8] >[2012/08/30 15:27:52.926023, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[2]: name[Default Priority] len[4] >[2012/08/30 15:27:52.926145, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[3]: name[Port] len[38] >[2012/08/30 15:27:52.926265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[4]: name[Name] len[16] >[2012/08/30 15:27:52.926385, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[5]: name[Print Processor] len[18] >[2012/08/30 15:27:52.926505, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[6]: name[Priority] len[4] >[2012/08/30 15:27:52.926630, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[7]: name[Security] len[248] >[2012/08/30 15:27:52.926878, 10] 
registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[8]: name[Share Name] len[16] >[2012/08/30 15:27:52.927003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[9]: name[StartTime] len[4] >[2012/08/30 15:27:52.927123, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[10]: name[UntilTime] len[4] >[2012/08/30 15:27:52.927243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[11]: name[Description] len[26] >[2012/08/30 15:27:52.927365, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[12]: name[Printer Driver] len[16] >[2012/08/30 15:27:52.927484, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[13]: name[Location] len[2] >[2012/08/30 15:27:52.928445, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[14]: name[Parameters] len[2] >[2012/08/30 15:27:52.928568, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[15]: name[Separator File] len[2] >[2012/08/30 15:27:52.928688, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[16]: name[Status] len[4] >[2012/08/30 15:27:52.928807, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) > regdb_unpack_values: value[17]: name[ChangeID] len[4] >[2012/08/30 15:27:52.928933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : NULL > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) > result : WERR_OK >[2012/08/30 15:27:52.929719, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > in: struct winreg_QueryValue > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 
0000002a-0000-0000-3f50-b8beee0b0000 > value_name : * > value_name: struct winreg_String > name_len : 0x0012 (18) > name_size : 0x0012 (18) > name : * > name : 'Security' > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(0) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x00000000 (0) >[2012/08/30 15:27:52.930970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.931170, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) > _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] >[2012/08/30 15:27:52.931295, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) > _winreg_QueryValue: policy key type = [00000000] >[2012/08/30 15:27:52.931422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_QueryValue: struct winreg_QueryValue > out: struct winreg_QueryValue > type : * > type : REG_BINARY (3) > data : * > data: ARRAY(248) > data_size : * > data_size : 0x000000f8 (248) > data_length : * > data_length : 0x000000f8 (248) > result : WERR_OK >[2012/08/30 15:27:52.947832, 1] 
../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 0000002a-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.948409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.948643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.948837, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.948963, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (6->5) >[2012/08/30 15:27:52.949082, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.949602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000029-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.950045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.950260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.950464, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.950589, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (5->4) >[2012/08/30 15:27:52.950708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.951215, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000028-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.951704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.951906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.952139, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.952262, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (4->3) >[2012/08/30 15:27:52.952380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.952887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > in: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000027-0000-0000-3f50-b8beee0b0000 >[2012/08/30 15:27:52.953320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... >[2012/08/30 15:27:52.953526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) > Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. > [0010] EE 0B 00 00 .... 
>[2012/08/30 15:27:52.953726, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) > Closed policy >[2012/08/30 15:27:52.953845, 10] registry/reg_backend_db.c:619(regdb_close) > regdb_close: decrementing refcount (3->2) >[2012/08/30 15:27:52.953964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > winreg_CloseKey: struct winreg_CloseKey > out: struct winreg_CloseKey > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : 00000000-0000-0000-0000-000000000000 > result : WERR_OK >[2012/08/30 15:27:52.954550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) > spoolss_GetPrinter: struct spoolss_GetPrinter > out: struct spoolss_GetPrinter > info : * > info : union spoolss_PrinterInfo(case 2) > info2: struct spoolss_PrinterInfo2 > servername : * > servername : '\\orange' > printername : * > printername : '\\orange\HP_4515' > sharename : * > sharename : 'HP_4515' > portname : * > portname : 'Samba Printer Port' > drivername : * > drivername : 'HP_4515' > comment : * > comment : 'cups printer' > location : * > location : '' > devmode : * > devmode: struct spoolss_DeviceMode > devicename : '\\orange\HP_4515' > specversion : DMSPEC_NT4_AND_ABOVE (1025) > driverversion : 0x0400 (1024) > size : 0x00dc (220) > __driverextra_length : 0x0000 (0) > fields : 0x00014713 (83731) > 1: DEVMODE_ORIENTATION > 1: DEVMODE_PAPERSIZE > 0: DEVMODE_PAPERLENGTH > 0: DEVMODE_PAPERWIDTH > 1: DEVMODE_SCALE > 0: DEVMODE_POSITION > 0: DEVMODE_NUP > 1: DEVMODE_COPIES > 1: DEVMODE_DEFAULTSOURCE > 1: DEVMODE_PRINTQUALITY > 0: DEVMODE_COLOR > 0: DEVMODE_DUPLEX > 0: DEVMODE_YRESOLUTION > 1: DEVMODE_TTOPTION > 0: DEVMODE_COLLATE > 1: DEVMODE_FORMNAME > 0: DEVMODE_LOGPIXELS > 0: DEVMODE_BITSPERPEL > 0: DEVMODE_PELSWIDTH > 0: DEVMODE_PELSHEIGHT > 0: DEVMODE_DISPLAYFLAGS > 0: DEVMODE_DISPLAYFREQUENCY > 0: DEVMODE_ICMMETHOD > 0: DEVMODE_ICMINTENT > 0: DEVMODE_MEDIATYPE > 0: DEVMODE_DITHERTYPE > 0: DEVMODE_PANNINGWIDTH > 0: DEVMODE_PANNINGHEIGHT > orientation : 
DMORIENT_PORTRAIT (1) > papersize : DMPAPER_LETTER (1) > paperlength : 0x0000 (0) > paperwidth : 0x0000 (0) > scale : 0x0064 (100) > copies : 0x0001 (1) > defaultsource : DMBIN_FORMSOURCE (15) > printquality : DMRES_HIGH (65532) > color : DMRES_MONOCHROME (1) > duplex : DMDUP_SIMPLEX (1) > yresolution : 0x0000 (0) > ttoption : DMTT_SUBDEV (3) > collate : DMCOLLATE_FALSE (0) > formname : 'Letter' > logpixels : 0x0000 (0) > bitsperpel : 0x00000000 (0) > pelswidth : 0x00000000 (0) > pelsheight : 0x00000000 (0) > displayflags : UNKNOWN_ENUM_VALUE (0) > displayfrequency : 0x00000000 (0) > icmmethod : UNKNOWN_ENUM_VALUE (0) > icmintent : UNKNOWN_ENUM_VALUE (0) > mediatype : UNKNOWN_ENUM_VALUE (0) > dithertype : UNKNOWN_ENUM_VALUE (0) > reserved1 : 0x00000000 (0) > reserved2 : 0x00000000 (0) > panningwidth : 0x00000000 (0) > panningheight : 0x00000000 (0) > driverextra_data : DATA_BLOB length=0 > sepfile : * > sepfile : '' > printprocessor : * > printprocessor : 'winprint' > datatype : * > datatype : 'RAW' > parameters : * > parameters : '' > secdesc : * > secdesc: struct security_descriptor > revision : SECURITY_DESCRIPTOR_REVISION_1 (1) > type : 0x8004 (32772) > 0: SEC_DESC_OWNER_DEFAULTED > 0: SEC_DESC_GROUP_DEFAULTED > 1: SEC_DESC_DACL_PRESENT > 0: SEC_DESC_DACL_DEFAULTED > 0: SEC_DESC_SACL_PRESENT > 0: SEC_DESC_SACL_DEFAULTED > 0: SEC_DESC_DACL_TRUSTED > 0: SEC_DESC_SERVER_SECURITY > 0: SEC_DESC_DACL_AUTO_INHERIT_REQ > 0: SEC_DESC_SACL_AUTO_INHERIT_REQ > 0: SEC_DESC_DACL_AUTO_INHERITED > 0: SEC_DESC_SACL_AUTO_INHERITED > 0: SEC_DESC_DACL_PROTECTED > 0: SEC_DESC_SACL_PROTECTED > 0: SEC_DESC_RM_CONTROL_VALID > 1: SEC_DESC_SELF_RELATIVE > owner_sid : * > owner_sid : S-1-5-32-544 > group_sid : * > group_sid : S-1-5-32-544 > sacl : NULL > dacl : * > dacl: struct security_acl > revision : SECURITY_ACL_REVISION_NT4 (2) > size : 0x00c4 (196) > num_aces : 0x00000007 (7) > aces: ARRAY(7) > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 
0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0014 (20) > access_mask : 0x20020008 (537001992) > object : union security_ace_object_ctr(case 0) > trustee : S-1-1-0 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0024 (36) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-21-3266308635-3715972288-3547500332-512 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace 
> type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-544 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x09 (9) > 1: SEC_ACE_FLAG_OBJECT_INHERIT > 0: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 1: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > aces: struct security_ace > type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) > flags : 0x02 (2) > 0: SEC_ACE_FLAG_OBJECT_INHERIT > 1: SEC_ACE_FLAG_CONTAINER_INHERIT > 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT > 0: SEC_ACE_FLAG_INHERIT_ONLY > 0: SEC_ACE_FLAG_INHERITED_ACE > 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) > 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS > 0: SEC_ACE_FLAG_FAILED_ACCESS > size : 0x0018 (24) > access_mask : 0x100f000c (269418508) > object : union security_ace_object_ctr(case 0) > trustee : S-1-5-32-550 > attributes : 0x00001048 (4168) > 0: PRINTER_ATTRIBUTE_QUEUED > 0: PRINTER_ATTRIBUTE_DIRECT > 0: PRINTER_ATTRIBUTE_DEFAULT > 1: PRINTER_ATTRIBUTE_SHARED > 0: PRINTER_ATTRIBUTE_NETWORK > 0: PRINTER_ATTRIBUTE_HIDDEN > 1: PRINTER_ATTRIBUTE_LOCAL > 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ > 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS > 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST > 0: PRINTER_ATTRIBUTE_WORK_OFFLINE > 0: PRINTER_ATTRIBUTE_ENABLE_BIDI > 1: PRINTER_ATTRIBUTE_RAW_ONLY > 0: PRINTER_ATTRIBUTE_PUBLISHED > 0: PRINTER_ATTRIBUTE_FAX > 0: 
PRINTER_ATTRIBUTE_TS > priority : 0x00000001 (1) > defaultpriority : 0x00000001 (1) > starttime : 0x00000000 (0) > untiltime : 0x00000000 (0) > status : 0x00000000 (0) > 0: PRINTER_STATUS_PAUSED > 0: PRINTER_STATUS_ERROR > 0: PRINTER_STATUS_PENDING_DELETION > 0: PRINTER_STATUS_PAPER_JAM > 0: PRINTER_STATUS_PAPER_OUT > 0: PRINTER_STATUS_MANUAL_FEED > 0: PRINTER_STATUS_PAPER_PROBLEM > 0: PRINTER_STATUS_OFFLINE > 0: PRINTER_STATUS_IO_ACTIVE > 0: PRINTER_STATUS_BUSY > 0: PRINTER_STATUS_PRINTING > 0: PRINTER_STATUS_OUTPUT_BIN_FULL > 0: PRINTER_STATUS_NOT_AVAILABLE > 0: PRINTER_STATUS_WAITING > 0: PRINTER_STATUS_PROCESSING > 0: PRINTER_STATUS_INITIALIZING > 0: PRINTER_STATUS_WARMING_UP > 0: PRINTER_STATUS_TONER_LOW > 0: PRINTER_STATUS_NO_TONER > 0: PRINTER_STATUS_PAGE_PUNT > 0: PRINTER_STATUS_USER_INTERVENTION > 0: PRINTER_STATUS_OUT_OF_MEMORY > 0: PRINTER_STATUS_DOOR_OPEN > 0: PRINTER_STATUS_SERVER_UNKNOWN > 0: PRINTER_STATUS_POWER_SAVE > cjobs : 0x00000000 (0) > averageppm : 0x00000000 (0) > needed : * > needed : 0x00000308 (776) > result : WERR_OK >[2012/08/3