I've tried regshell from Samba Version 4.0.0tp5 and Samba Version 4.0.0tp6, but it always segfaults. The target host is a Windows 2003 Server English with ntlm2 enabled.
The command line used is:
./regshell -R ncacn_np:ip_address -U administrator
and once logged in, the command 'list' triggers the problem at the end of the enumeration.
Same results if I try the command 'print' on an existing key name.
The problem is in the decoding of rpc response containing the key data.
This problem is similar to the problem described in ticket 4717. With gdb I found that the problem is in the filling of winreg_EnumValue, because the field out.max_valbufsize always ends up uninitialized, and since the other methods don't check its value before using it as a result, it segfaults.
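The failure mode described above (an RPC out-field that the decoder never filled, then used as a buffer size without a check) is illustrated by the following added example. It is not code from this ticket or from Samba; the struct enumvalue_out, the copy_value_checked function and the status values are hypothetical, simplified stand-ins for an EnumValue-style response, chosen to show the defensive pattern of validating every optional out-field before it is dereferenced or used as a length.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical, simplified stand-in for the out-parameters of an
 * EnumValue-style RPC call. This is NOT Samba's generated winreg struct.
 * Fields are pointers because a response may omit them; in that case the
 * decoder leaves them NULL instead of filling in a value. */
struct enumvalue_out {
    const uint8_t  *value;  /* value bytes, or NULL if the server sent none */
    const uint32_t *size;   /* size claimed for value, or NULL if not filled */
};

enum copy_status {
    COPY_OK            = 0,
    COPY_MISSING_SIZE  = 1, /* size field was never filled by the decoder */
    COPY_MISSING_VALUE = 2, /* size present but no data buffer */
    COPY_TOO_LARGE     = 3  /* claimed size exceeds the destination buffer */
};

/* Hardened read of an RPC value. The crash class in the report comes from
 * trusting a size field that was never initialised and using it as a
 * length; here every field is validated before it is used. */
static enum copy_status copy_value_checked(const struct enumvalue_out *out,
                                           uint8_t *dst, size_t dst_len,
                                           size_t *copied)
{
    *copied = 0;
    if (out->size == NULL)
        return COPY_MISSING_SIZE;
    if (out->value == NULL)
        return COPY_MISSING_VALUE;
    if (*out->size > dst_len)
        return COPY_TOO_LARGE;
    memcpy(dst, out->value, *out->size);
    *copied = *out->size;
    return COPY_OK;
}

/* Constructed sample payload standing in for bytes returned by a server. */
static const uint8_t  sample_value[] = { 'h', 'i', 0 };
static const uint32_t sample_size    = sizeof sample_value;
static const uint32_t bogus_size     = 4096; /* constructed: larger than dst */

/* Scenario 1: the decoder never filled the size field. */
static enum copy_status run_missing_size(void)
{
    uint8_t dst[16];
    size_t n;
    struct enumvalue_out out = { sample_value, NULL };
    return copy_value_checked(&out, dst, sizeof dst, &n);
}

/* Scenario 2: a well-formed response; returns the number of bytes copied. */
static size_t run_complete(void)
{
    uint8_t dst[16];
    size_t n;
    struct enumvalue_out out = { sample_value, &sample_size };
    (void)copy_value_checked(&out, dst, sizeof dst, &n);
    return n;
}

/* Scenario 3: the size claims more than our destination can hold. */
static enum copy_status run_too_large(void)
{
    uint8_t dst[16];
    size_t n;
    struct enumvalue_out out = { sample_value, &bogus_size };
    return copy_value_checked(&out, dst, sizeof dst, &n);
}

int main(void)
{
    printf("missing size  -> status %d\n", run_missing_size());
    printf("complete      -> copied %zu bytes\n", run_complete());
    printf("too large     -> status %d\n", run_too_large());
    return 0;
}
```

The point of the three scenarios is that a missing or oversized out-field is reported as a status code rather than reaching memcpy, which is where the unchecked version would dereference an unset pointer or read past the destination.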
The registry code is under a rewrite by jelmer. I'm not yet sure when that newer code will land, but am hesitant to dive into this in the meantime.
Let's look at this again if/when jelmer's branch is either merged, or abandoned.
Seems to be reproducible also with the new backend. I wasn't even able to log in the right way!
This has been fixed in svn.