[2012/09/14 16:36:32.039058, 1] printing/printer_list.c:94(printer_list_get_printer) Failed to fetch record! [2012/09/14 16:36:32.039381, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : NULL needed : * needed : 0x00000260 (608) result : WERR_INSUFFICIENT_BUFFER [2012/09/14 16:36:32.039928, 10, class=rpc_srv] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/09/14 16:36:32.040154, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0f030000-0000-0000-5350-7fbf641b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=608 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0050] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0070] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0080] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0090] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [00F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0100] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0110] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0120] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0130] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0140] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0150] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0160] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0170] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0180] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0190] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01A0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01B0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01C0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01D0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01E0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [01F0] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0200] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0210] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0220] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0230] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0240] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0250] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ offered : 0x00000260 (608) [2012/09/14 16:36:32.057233, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 03 00 00 00 00 00 00 53 50 7F BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.057830, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 0F 03 00 00 00 00 00 00 53 50 7F BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.058423, 4, class=rpc_srv] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:spew [2012/09/14 16:36:32.058639, 4, class=rpc_srv] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/09/14 16:36:32.058808, 10, class=rpc_srv] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/09/14 16:36:32.058950, 10, class=rpc_srv] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/09/14 16:36:32.059116, 4, class=rpc_srv] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/09/14 16:36:32.059361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/09/14 16:36:32.060206, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/09/14 16:36:32.060343, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/09/14 16:36:32.060503, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/09/14 16:36:32.060630, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/09/14 16:36:32.060750, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.060872, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM] [2012/09/14 16:36:32.061102, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/09/14 16:36:32.061318, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/09/14 16:36:32.061493, 4, class=rpc_srv] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 18 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.062045, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 18030000-0000-0000-5350-80bf641b0000 result : WERR_OK [2012/09/14 16:36:32.062733, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 18030000-0000-0000-5350-80bf641b0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/09/14 16:36:32.064567, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.065183, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/09/14 16:36:32.065323, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/09/14 16:36:32.065486, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/09/14 16:36:32.065614, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/09/14 16:36:32.065747, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.065866, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE] [2012/09/14 16:36:32.066120, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/09/14 16:36:32.066360, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/09/14 16:36:32.066514, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/09/14 16:36:32.066686, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.066808, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.066931, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.067043, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.067279, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.067508, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/09/14 16:36:32.067643, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/09/14 16:36:32.067804, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.067927, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.068051, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.068164, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.068397, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.068643, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/09/14 16:36:32.068792, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/09/14 16:36:32.068962, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/09/14 16:36:32.069119, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/09/14 16:36:32.069247, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.069366, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/09/14 16:36:32.069660, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/09/14 16:36:32.069802, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/09/14 16:36:32.069971, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/09/14 16:36:32.070109, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/09/14 16:36:32.070239, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.070353, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/09/14 16:36:32.070616, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/09/14 16:36:32.070765, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/09/14 16:36:32.070938, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.071071, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.071213, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.071335, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.071693, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.071958, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [spew] [2012/09/14 16:36:32.072106, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/09/14 16:36:32.072285, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.072425, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.072566, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.072694, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.072928, 10, class=registry] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.073074, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.073320, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/09/14 16:36:32.073510, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/09/14 16:36:32.073656, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/09/14 16:36:32.073812, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/09/14 16:36:32.073960, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/09/14 16:36:32.074104, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/09/14 16:36:32.074313, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/09/14 16:36:32.074466, 4, class=rpc_srv] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 19 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.075043, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19030000-0000-0000-5350-80bf641b0000 result : WERR_OK [2012/09/14 16:36:32.075819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19030000-0000-0000-5350-80bf641b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/09/14 16:36:32.076774, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.077397, 10, class=registry] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew' (ops 100a342a8) [2012/09/14 16:36:32.077552, 10, class=registry] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.077808, 10, class=registry] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2012/09/14 16:36:32.077969, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.078222, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000000 (0) max_subkeylen : * max_subkeylen : 0x00000000 (0) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000001 (1) max_valnamelen : * max_valnamelen : 0x00000012 (18) max_valbufsize : * max_valbufsize : 0x000000b0 (176) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/09/14 16:36:32.080065, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19030000-0000-0000-5350-80bf641b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0014 (20) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000b0 (176) length : * length : 0x00000000 (0) [2012/09/14 16:36:32.081647, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.082243, 8, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.082388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0014 (20) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) size : * size : 0x000000b0 (176) length : * length : 0x000000b0 (176) result : WERR_OK [2012/09/14 16:36:32.099068, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19030000-0000-0000-5350-80bf641b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/09/14 16:36:32.100507, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.101107, 7, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.101248, 7, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/09/14 16:36:32.101383, 10, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/09/14 16:36:32.101523, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/09/14 16:36:32.102331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/09/14 16:36:32.103256, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/09/14 16:36:32.103401, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/09/14 16:36:32.103576, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/09/14 16:36:32.103711, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/09/14 16:36:32.103833, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.103949, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM] [2012/09/14 16:36:32.104179, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/09/14 16:36:32.104397, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/09/14 16:36:32.104574, 4, class=rpc_srv] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1A 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.105129, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1a030000-0000-0000-5350-80bf641b0000 result : WERR_OK [2012/09/14 16:36:32.105853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1a030000-0000-0000-5350-80bf641b0000 keyname: struct winreg_String name_len : 0x0082 (130) name_size : 0x0082 (130) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/09/14 16:36:32.107732, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.108329, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/09/14 16:36:32.108475, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/09/14 16:36:32.108642, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/09/14 16:36:32.108770, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/09/14 16:36:32.108902, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.109022, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE] [2012/09/14 16:36:32.109280, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/09/14 16:36:32.109516, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/09/14 16:36:32.109725, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/09/14 16:36:32.109896, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.110029, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.110164, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.110286, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.110541, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/09/14 16:36:32.110787, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/09/14 16:36:32.110930, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/09/14 16:36:32.111109, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.111249, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.111383, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.111511, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.111756, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/09/14 16:36:32.112010, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/09/14 16:36:32.112159, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/09/14 16:36:32.112341, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/09/14 16:36:32.112478, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/09/14 16:36:32.112619, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.112742, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/09/14 16:36:32.113047, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/09/14 16:36:32.113192, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/09/14 16:36:32.113370, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/09/14 16:36:32.113513, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/09/14 16:36:32.113652, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.113780, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a2d580 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/09/14 16:36:32.114053, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/09/14 16:36:32.114195, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/09/14 16:36:32.114371, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.114510, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.114644, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.114770, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.115123, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/09/14 16:36:32.115376, 7, class=registry] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [spew] [2012/09/14 16:36:32.115518, 10, class=registry] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/09/14 16:36:32.115696, 10, class=registry] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.115837, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.115973, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/09/14 16:36:32.116102, 10, class=registry] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 100a342a8 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.116345, 10, class=registry] registry/reg_backend_db.c:1656(regdb_fetch_keys_internal) regdb_fetch_keys: no subkeys found for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.116498, 10, class=registry] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.116745, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/09/14 16:36:32.116945, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/09/14 16:36:32.117108, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/09/14 16:36:32.117265, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/09/14 16:36:32.117423, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/09/14 16:36:32.117580, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/09/14 16:36:32.117735, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/09/14 16:36:32.117892, 4, class=rpc_srv] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1B 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.118489, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1b030000-0000-0000-5350-80bf641b0000 result : WERR_OK [2012/09/14 16:36:32.119184, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1b030000-0000-0000-5350-80bf641b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/09/14 16:36:32.120676, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.121275, 7, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.121415, 7, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/09/14 16:36:32.121553, 10, class=registry] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew' (ops 100a342a8) [2012/09/14 16:36:32.121705, 10, class=registry] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.121965, 10, class=registry] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Security] len[176] [2012/09/14 16:36:32.122123, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/09/14 16:36:32.122907, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1b030000-0000-0000-5350-80bf641b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x00000000 (0) [2012/09/14 16:36:32.124453, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.125072, 7, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\spew] [2012/09/14 16:36:32.125220, 7, class=rpc_srv] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/09/14 16:36:32.125350, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(176) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0x7c (124) [55] : 0x00 (0) [56] : 0x05 (5) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x18 (24) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x02 (2) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x20 (32) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x20 (32) [101] : 0x02 (2) [102] : 0x00 (0) [103] : 0x00 (0) [104] : 0x00 (0) [105] : 0x02 (2) [106] : 0x18 (24) [107] : 0x00 (0) [108] : 0x0c (12) [109] : 0x00 (0) [110] : 0x0f (15) [111] : 0x10 (16) [112] : 0x01 (1) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x00 (0) [118] : 0x00 (0) [119] : 0x05 (5) [120] : 0x20 (32) [121] : 0x00 (0) [122] : 0x00 (0) [123] : 0x00 (0) [124] : 0x20 (32) [125] : 0x02 (2) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x09 (9) [130] : 0x18 (24) [131] : 0x00 (0) [132] : 0x0c (12) [133] : 0x00 (0) [134] : 0x0f (15) [135] : 0x10 (16) [136] : 0x01 (1) [137] : 0x02 (2) [138] : 0x00 (0) [139] : 0x00 (0) [140] : 0x00 (0) [141] : 0x00 (0) [142] : 0x00 (0) [143] : 0x05 (5) [144] : 0x20 (32) [145] : 0x00 (0) [146] : 0x00 (0) [147] : 0x00 (0) [148] : 0x26 (38) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x02 (2) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x26 (38) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) data_size : * data_size : 0x000000b0 (176) data_length : * data_length : 0x000000b0 (176) result : WERR_OK [2012/09/14 16:36:32.142315, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1b030000-0000-0000-5350-80bf641b0000 [2012/09/14 16:36:32.142887, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.143447, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.144003, 3, class=rpc_srv] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/09/14 16:36:32.144198, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/09/14 16:36:32.144342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/09/14 16:36:32.144980, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 1a030000-0000-0000-5350-80bf641b0000 [2012/09/14 16:36:32.145547, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.146169, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.146787, 3, class=rpc_srv] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/09/14 16:36:32.146922, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/09/14 16:36:32.147068, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/09/14 16:36:32.147766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 19030000-0000-0000-5350-80bf641b0000 [2012/09/14 16:36:32.148335, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.148952, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.149581, 3, class=rpc_srv] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/09/14 16:36:32.149713, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/09/14 16:36:32.149850, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/09/14 16:36:32.150493, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 18030000-0000-0000-5350-80bf641b0000 [2012/09/14 16:36:32.151065, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.151686, 4, class=rpc_srv] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 03 00 00 00 00 00 00 53 50 80 BF ........ ....SP.. [0010] 64 1B 00 00 d... [2012/09/14 16:36:32.152307, 3, class=rpc_srv] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/09/14 16:36:32.152430, 10, class=registry] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/09/14 16:36:32.152557, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/09/14 16:36:32.153341, 1] printing/printer_list.c:94(printer_list_get_printer) Failed to fetch record!