[2012/08/30 15:27:51.663228, 6] param/loadparm.c:7490(lp_file_list_changed)
  lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012
[2012/08/30 15:27:51.663529, 5] auth/auth_util.c:110(make_user_info_map)
  Mapping user [ACR]\[administrator] from workstation [PANAMA]
[2012/08/30 15:27:51.663696, 5] auth/user_info.c:59(make_user_info)
  attempting to make a user_info for administrator (administrator)
[2012/08/30 15:27:51.663820, 5] auth/user_info.c:70(make_user_info)
  making strings for administrator's user_info struct
[2012/08/30 15:27:51.663940, 5] auth/user_info.c:87(make_user_info)
  making blobs for administrator's user_info struct
[2012/08/30 15:27:51.664059, 10] auth/user_info.c:123(make_user_info)
  made a user_info for administrator (administrator)
[2012/08/30 15:27:51.664178, 3] auth/auth.c:219(check_ntlm_password)
  check_ntlm_password: Checking password for unmapped user [ACR]\[administrator]@[PANAMA] with the new password interface
[2012/08/30 15:27:51.664325, 3] auth/auth.c:222(check_ntlm_password)
  check_ntlm_password: mapped user is: [ACR]\[administrator]@[PANAMA]
[2012/08/30 15:27:51.664610, 10] auth/auth.c:231(check_ntlm_password)
  check_ntlm_password: auth_context challenge created by random
[2012/08/30 15:27:51.664728, 10] auth/auth.c:233(check_ntlm_password)
  challenge is:
[2012/08/30 15:27:51.664845, 5] ../lib/util/util.c:415(dump_data)
  [0000] E1 F9 1B D6 03 B5 83 8C ........
[2012/08/30 15:27:51.664976, 10] auth/auth_builtin.c:44(check_guest_security)
  Check auth for: [administrator]
[2012/08/30 15:27:51.665092, 10] auth/auth.c:259(check_ntlm_password)
  check_ntlm_password: guest had nothing to say
[2012/08/30 15:27:51.665212, 10] auth/auth_sam.c:75(auth_samstrict_auth)
  Check auth for: [administrator]
[2012/08/30 15:27:51.665328, 8] lib/util.c:1521(is_myname)
  is_myname("ACR") returns 0
[2012/08/30 15:27:51.665477, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.665644, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.665763, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.665880, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.665996, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.666609, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=administrator)(objectclass=sambaSamAccount))], scope => [2]
[2012/08/30 15:27:51.666781, 5] lib/smbldap.c:1341(smbldap_close)
  The connection to the LDAP server was closed
[2012/08/30 15:27:51.666902, 10] lib/smbldap.c:819(smb_ldap_setup_conn)
  smb_ldap_setup_connection: ldap://192.168.30.15:389
[2012/08/30 15:27:51.667399, 2] lib/smbldap.c:1018(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2012/08/30 15:27:51.667568, 10] lib/smbldap.c:1194(smbldap_connect_system)
  ldap_connect_system: Binding to ldap server ldap://192.168.30.15:389 as "cn=djadmin,dc=acr,dc=lab"
[2012/08/30 15:27:51.671439, 3] lib/smbldap.c:1240(smbldap_connect_system)
  ldap_connect_system: successful connection to the LDAP server ldap_connect_system: LDAP server does support paged results
[2012/08/30 15:27:51.671895, 4] lib/smbldap.c:1319(smbldap_open)
  The LDAP server is successfully connected
[2012/08/30 15:27:51.674783, 2] passdb/pdb_ldap.c:553(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: administrator
[2012/08/30 15:27:51.675074, 10] passdb/pdb_get_set.c:575(pdb_set_username)
  pdb_set_username: setting username administrator, was
[2012/08/30 15:27:51.675262, 10] passdb/pdb_get_set.c:598(pdb_set_domain)
  pdb_set_domain: setting domain ACR, was
[2012/08/30 15:27:51.675380, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username)
  pdb_set_nt_username: setting nt username administrator, was
[2012/08/30 15:27:51.675516, 10] passdb/pdb_get_set.c:513(pdb_set_user_sid_from_string)
  pdb_set_user_sid_from_string: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001
[2012/08/30 15:27:51.675696, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid)
  pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001
[2012/08/30 15:27:51.675839, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaLogonTime does not exist
[2012/08/30 15:27:51.675966, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaLogoffTime does not exist
[2012/08/30 15:27:51.676086, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaKickoffTime does not exist
[2012/08/30 15:27:51.676207, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaPwdCanChange does not exist
[2012/08/30 15:27:51.676332, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaPwdMustChange does not exist
[2012/08/30 15:27:51.676456, 10] passdb/pdb_get_set.c:644(pdb_set_fullname)
  pdb_set_full_name: setting full name administrator, was
[2012/08/30 15:27:51.676580, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaHomeDrive does not exist
[2012/08/30 15:27:51.676860, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive)
  pdb_set_dir_drive: setting dir drive , was NULL
[2012/08/30 15:27:51.677005, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaHomePath does not exist
[2012/08/30 15:27:51.677149, 10] passdb/pdb_get_set.c:737(pdb_set_homedir)
  pdb_set_homedir: setting home dir , was
[2012/08/30 15:27:51.677272, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaLogonScript does not exist
[2012/08/30 15:27:51.677393, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script)
  pdb_set_logon_script: setting logon script allusers.bat, was
[2012/08/30 15:27:51.677515, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaProfilePath does not exist
[2012/08/30 15:27:51.677632, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path)
  pdb_set_profile_path: setting profile path , was
[2012/08/30 15:27:51.677756, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaUserWorkstations does not exist
[2012/08/30 15:27:51.677879, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaMungedDial does not exist
[2012/08/30 15:27:51.678000, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaLMPassword does not exist
[2012/08/30 15:27:51.678151, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.678292, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.678411, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.678529, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.678646, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.679272, 10] lib/gencache.c:183(gencache_set_data_blob)
  Adding cache entry with key = ACCT_POL/password history and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past)
[2012/08/30 15:27:51.680168, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap)
  ldapsam_get_account_policy_from_ldap
[2012/08/30 15:27:51.680288, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0]
[2012/08/30 15:27:51.681814, 10] passdb/account_pol.c:402(cache_account_policy_set)
  cache_account_policy_set: updating account pol cache
[2012/08/30 15:27:51.681981, 10] lib/gencache.c:183(gencache_set_data_blob)
  Adding cache entry with key = ACCT_POL/password history and timeout = Thu Aug 30 15:28:51 2012 (60 seconds ahead)
[2012/08/30 15:27:51.682286, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.682460, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaBadPasswordCount does not exist
[2012/08/30 15:27:51.682583, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaBadPasswordTime does not exist
[2012/08/30 15:27:51.682708, 10] lib/smbldap.c:308(smbldap_talloc_single_attribute)
  attribute sambaLogonHours does not exist
[2012/08/30 15:27:51.682922, 5] passdb/login_cache.c:47(login_cache_init)
  Opening cache file at /var/cache/samba/login_cache.tdb
[2012/08/30 15:27:51.683163, 7] passdb/login_cache.c:91(login_cache_read)
  Looking up login cache for user administrator
[2012/08/30 15:27:51.683288, 7] passdb/login_cache.c:102(login_cache_read)
  No cache entry found
[2012/08/30 15:27:51.683406, 9] passdb/pdb_ldap.c:1107(init_sam_from_ldap)
  No cache entry, bad count = 0, bad time = 0
[2012/08/30 15:27:51.683604, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.683727, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.683845, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.683980, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.684098, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.684299, 10] lib/gencache.c:183(gencache_set_data_blob)
  Adding cache entry with key = ACCT_POL/maximum password age and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past)
[2012/08/30 15:27:51.684497, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap)
  ldapsam_get_account_policy_from_ldap
[2012/08/30 15:27:51.684633, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0]
[2012/08/30 15:27:51.685880, 10] passdb/account_pol.c:402(cache_account_policy_set)
  cache_account_policy_set: updating account pol cache
[2012/08/30 15:27:51.686041, 10] lib/gencache.c:183(gencache_set_data_blob)
  Adding cache entry with key = ACCT_POL/maximum password age and timeout = Thu Aug 30 15:28:51 2012 (60 seconds ahead)
[2012/08/30 15:27:51.686266, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.686462, 5] lib/username.c:171(Get_Pwnam_alloc)
  Finding user administrator
[2012/08/30 15:27:51.686619, 5] lib/username.c:116(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is administrator
[2012/08/30 15:27:51.690763, 5] lib/username.c:149(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [administrator]!
[2012/08/30 15:27:51.691009, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.691132, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.691251, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.691371, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.691515, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.691763, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.691955, 10] passdb/pdb_get_set.c:575(pdb_set_username)
  pdb_set_username: setting username administrator, was
[2012/08/30 15:27:51.692075, 10] passdb/pdb_get_set.c:598(pdb_set_domain)
  pdb_set_domain: setting domain ACR, was
[2012/08/30 15:27:51.692197, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username)
  pdb_set_nt_username: setting nt username administrator, was
[2012/08/30 15:27:51.692356, 10] passdb/pdb_get_set.c:644(pdb_set_fullname)
  pdb_set_full_name: setting full name administrator, was
[2012/08/30 15:27:51.692487, 10] passdb/pdb_get_set.c:737(pdb_set_homedir)
  pdb_set_homedir: setting home dir , was
[2012/08/30 15:27:51.692606, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive)
  pdb_set_dir_drive: setting dir drive , was NULL
[2012/08/30 15:27:51.692728, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script)
  pdb_set_logon_script: setting logon script allusers.bat, was
[2012/08/30 15:27:51.692847, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path)
  pdb_set_profile_path: setting profile path , was
[2012/08/30 15:27:51.692964, 10] passdb/pdb_get_set.c:780(pdb_set_workstations)
  pdb_set_workstations: setting workstations , was
[2012/08/30 15:27:51.693100, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.693219, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.693336, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.693453, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.693573, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.693765, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.693884, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid)
  pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001
[2012/08/30 15:27:51.694040, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid)
  pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001
[2012/08/30 15:27:51.694253, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid)
  pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513
[2012/08/30 15:27:51.694383, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.694555, 4] ../libcli/auth/ntlm_check.c:351(ntlm_password_check)
  ntlm_password_check: Checking NTLMv2 password with domain [ACR]
[2012/08/30 15:27:51.694805, 4] auth/check_samsec.c:183(sam_account_ok)
  sam_account_ok: Checking SMB password for user administrator
[2012/08/30 15:27:51.694947, 5] auth/check_samsec.c:165(logon_hours_ok)
  logon_hours_ok: user administrator allowed to logon at this time (Thu Aug 30 19:27:51 2012 )
[2012/08/30 15:27:51.695121, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.695240, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.696479, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.696621, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.696740, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.697243, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.697961, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.698091, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.698213, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.698338, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.698457, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.698650, 5] lib/username.c:171(Get_Pwnam_alloc)
  Finding user administrator
[2012/08/30 15:27:51.698799, 5] lib/username.c:116(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is administrator
[2012/08/30 15:27:51.698923, 5] lib/username.c:149(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [administrator]!
[2012/08/30 15:27:51.699084, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.699227, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.699348, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.699468, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.699624, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.699833, 10] lib/gencache.c:183(gencache_set_data_blob)
  Adding cache entry with key = ACCT_POL/minimum password age and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past)
[2012/08/30 15:27:51.700030, 10] passdb/pdb_ldap.c:3966(ldapsam_get_account_policy_from_ldap)
  ldapsam_get_account_policy_from_ldap
[2012/08/30 15:27:51.700150, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [sambaDomainName=ACR,dc=acr,dc=lab], filter => [(objectClass=sambaDomain)], scope => [0]
[2012/08/30 15:27:51.701944, 10] passdb/account_pol.c:402(cache_account_policy_set)
  cache_account_policy_set: updating account pol cache
[2012/08/30 15:27:51.703011, 10] lib/gencache.c:183(gencache_set_data_blob)
  Adding cache entry with key = ACCT_POL/minimum password age and timeout = Thu Aug 30 15:28:51 2012 (60 seconds ahead)
[2012/08/30 15:27:51.703220, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.703344, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.703462, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.703638, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.703759, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.703876, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.704067, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.704194, 5] lib/username.c:171(Get_Pwnam_alloc)
  Finding user administrator
[2012/08/30 15:27:51.704311, 5] lib/username.c:116(Get_Pwnam_internals)
  Trying _Get_Pwnam(), username as lowercase is administrator
[2012/08/30 15:27:51.704432, 5] lib/username.c:149(Get_Pwnam_internals)
  Get_Pwnam_internals did find user [administrator]!
[2012/08/30 15:27:51.704602, 10] lib/system_smbd.c:175(sys_getgrouplist)
  sys_getgrouplist: user [administrator]
[2012/08/30 15:27:51.719284, 5] passdb/lookup_sid.c:1384(gid_to_sid)
  gid_to_sid: winbind failed to find a sid for gid 512
[2012/08/30 15:27:51.719419, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.720406, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.720526, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.720662, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.720779, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.721026, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=512))], scope => [2]
[2012/08/30 15:27:51.722830, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 512
[2012/08/30 15:27:51.723023, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.723144, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
  LEGACY: gid 512 -> sid S-1-5-21-3266308635-3715972288-3547500332-512
[2012/08/30 15:27:51.723303, 5] passdb/lookup_sid.c:1384(gid_to_sid)
  gid_to_sid: winbind failed to find a sid for gid 514
[2012/08/30 15:27:51.723422, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.723579, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.723710, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.723827, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.723944, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.724131, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=514))], scope => [2]
[2012/08/30 15:27:51.725807, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 514
[2012/08/30 15:27:51.725952, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.726086, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
  LEGACY: gid 514 -> sid S-1-5-21-3266308635-3715972288-3547500332-514
[2012/08/30 15:27:51.726232, 5] passdb/lookup_sid.c:1384(gid_to_sid)
  gid_to_sid: winbind failed to find a sid for gid 515
[2012/08/30 15:27:51.726351, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.726489, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.726608, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.726727, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.726844, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.727049, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(gidNumber=515))], scope => [2]
[2012/08/30 15:27:51.728534, 2] passdb/pdb_ldap.c:2427(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 515
[2012/08/30 15:27:51.728718, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.728867, 10] passdb/lookup_sid.c:1181(legacy_gid_to_sid)
  LEGACY: gid 515 -> sid S-1-5-21-3266308635-3715972288-3547500332-515
[2012/08/30 15:27:51.728998, 5] auth/server_info_sam.c:120(make_server_info_sam)
  make_server_info_sam: made server info for user administrator -> administrator
[2012/08/30 15:27:51.729122, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.729246, 3] auth/auth.c:268(check_ntlm_password)
  check_ntlm_password: sam authentication for user [administrator] succeeded
[2012/08/30 15:27:51.729369, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.729487, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.729616, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.729736, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.729836, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.730047, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.730185, 5] auth/auth.c:296(check_ntlm_password)
  check_ntlm_password: PAM Account for user [administrator] succeeded
[2012/08/30 15:27:51.730302, 2] auth/auth.c:309(check_ntlm_password)
  check_ntlm_password: authentication for user [administrator] -> [administrator] -> [administrator] succeeded
[2012/08/30 15:27:51.730475, 10] auth/token_util.c:223(create_local_nt_token_from_info3)
  Create local NT token for administrator
[2012/08/30 15:27:51.730676, 10] passdb/lookup_sid.c:1628(sid_to_gid)
  winbind failed to find a gid for sid S-1-5-32-544
[2012/08/30 15:27:51.730796, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.730915, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.731100, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.731219, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.731335, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.731772, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2012/08/30 15:27:51.733429, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))
[2012/08/30 15:27:51.733611, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.733738, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
  LEGACY: mapping failed for sid S-1-5-32-544
[2012/08/30 15:27:51.733860, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.733979, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.734101, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.734220, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.734337, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.734741, 10] passdb/lookup_sid.c:1628(sid_to_gid)
  winbind failed to find a gid for sid S-1-5-32-544
[2012/08/30 15:27:51.734870, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.735001, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.735124, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.735242, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.735358, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.735603, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2]
[2012/08/30 15:27:51.737586, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))
[2012/08/30 15:27:51.737768, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.737892, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
  LEGACY: mapping failed for sid S-1-5-32-544
[2012/08/30 15:27:51.738020, 5] passdb/pdb_util.c:128(create_builtin_administrators)
  create_builtin_administrators: Failed to create Administrators
[2012/08/30 15:27:51.738168, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.738336, 10] passdb/lookup_sid.c:1628(sid_to_gid)
  winbind failed to find a gid for sid S-1-5-32-545
[2012/08/30 15:27:51.738456, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.738575, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.738717, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.738842, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.738959, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.739175, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2012/08/30 15:27:51.741062, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
[2012/08/30 15:27:51.741250, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.741375, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
  LEGACY: mapping failed for sid S-1-5-32-545
[2012/08/30 15:27:51.741498, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.741616, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.741749, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.741873, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.741990, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.742230, 10] passdb/lookup_sid.c:1628(sid_to_gid)
  winbind failed to find a gid for sid S-1-5-32-545
[2012/08/30 15:27:51.742353, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.742472, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.742590, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.742725, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.742842, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.743033, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))], scope => [2]
[2012/08/30 15:27:51.745680, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup)
  ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-545))
[2012/08/30 15:27:51.745856, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.745976, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid)
  LEGACY: mapping failed for sid S-1-5-32-545
[2012/08/30 15:27:51.746120, 5] passdb/pdb_util.c:99(create_builtin_users)
  create_builtin_users: Failed to create Users
[2012/08/30 15:27:51.746242, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.746361, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.746478, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.746613, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.746730, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.746846, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.747138, 5] lib/smbldap.c:1439(smbldap_search_ext)
  smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectclass=sambaGroupMapping)(sambaGroupType=4)(|(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-1001)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-513)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-512)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-514)(sambaSIDList=S-1-5-21-3266308635-3715972288-3547500332-515)(sambaSIDList=S-1-1-0)(sambaSIDList=S-1-5-2)(sambaSIDList=S-1-5-11)(sambaSIDList=S-1-5-32-544)))], scope => [2]
[2012/08/30 15:27:51.748732, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2012/08/30 15:27:51.748999, 5] lib/privileges.c:175(get_privileges_for_sids)
  get_privileges_for_sids: sid = S-1-5-21-3266308635-3715972288-3547500332-1001 Privilege set: 0x10
[2012/08/30 15:27:51.749191, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-513]
[2012/08/30 15:27:51.749316, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-512]
[2012/08/30 15:27:51.749445, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-514]
[2012/08/30 15:27:51.749570, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-21-3266308635-3715972288-3547500332-515]
[2012/08/30 15:27:51.749695, 5] lib/privileges.c:175(get_privileges_for_sids)
  get_privileges_for_sids: sid = S-1-1-0 Privilege set: 0x0
[2012/08/30 15:27:51.749880, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-2]
[2012/08/30 15:27:51.750005, 4] lib/privileges.c:97(get_privileges)
  get_privileges: No privileges assigned to SID [S-1-5-11]
[2012/08/30 15:27:51.750131, 5] lib/privileges.c:175(get_privileges_for_sids)
  get_privileges_for_sids: sid = S-1-5-32-544 Privilege set: 0x1ffffff0
[2012/08/30 15:27:51.750413, 10] passdb/lookup_sid.c:1468(sids_to_unix_ids)
  wbcSidsToUnixIds returned WBC_ERR_WINBIND_NOT_AVAILABLE
[2012/08/30 15:27:51.750536, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.750655, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2012/08/30 15:27:51.750784, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2012/08/30 15:27:51.750908, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.751025, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.751204, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid)
  lookup_global_sam_rid: looking up RID 1001.
[2012/08/30 15:27:51.751295, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.751413, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 1
[2012/08/30 15:27:51.751552, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.751678, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.751795, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.751976, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.752094, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2012/08/30 15:27:51.752211, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.752357, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.752487, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.752678, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.752799, 4] smbd/sec_ctx.c:214(push_sec_ctx)
  push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.752943, 4] smbd/uid.c:460(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 2
[2012/08/30 15:27:51.753061, 4] smbd/sec_ctx.c:314(set_sec_ctx)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3
[2012/08/30 15:27:51.753178, 5] ../libcli/security/security_token.c:53(security_token_debug)
  Security token: (NULL)
[2012/08/30 15:27:51.753295, 5] auth/token_util.c:527(debug_unix_user_token)
  UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups
[2012/08/30 15:27:51.753490, 4] smbd/sec_ctx.c:422(pop_sec_ctx)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2
[2012/08/30 15:27:51.753618, 10] passdb/pdb_get_set.c:575(pdb_set_username)
  pdb_set_username: setting username administrator, was
[2012/08/30 15:27:51.753738, 10] passdb/pdb_get_set.c:598(pdb_set_domain)
  pdb_set_domain: setting domain ACR, was
[2012/08/30 15:27:51.753860, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username)
  pdb_set_nt_username: setting nt username administrator, was
[2012/08/30 15:27:51.753978, 10] passdb/pdb_get_set.c:644(pdb_set_fullname)
  pdb_set_full_name: setting full name administrator, was
[2012/08/30 15:27:51.754118, 10] passdb/pdb_get_set.c:737(pdb_set_homedir)
  pdb_set_homedir: setting home dir , was
[2012/08/30 15:27:51.754253, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive)
  pdb_set_dir_drive: setting dir drive , was NULL
[2012/08/30 15:27:51.754372, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script)
  pdb_set_logon_script: setting logon script allusers.bat, was
[2012/08/30 15:27:51.754491, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path)
  pdb_set_profile_path: setting profile path , was
[2012/08/30 15:27:51.754610, 10] passdb/pdb_get_set.c:780(pdb_set_workstations)
  pdb_set_workstations: setting workstations , was
[2012/08/30 15:27:51.754733, 4]
smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.754851, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.754968, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.755085, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.755205, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.755393, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.755567, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 [2012/08/30 15:27:51.755697, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 [2012/08/30 15:27:51.755879, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 [2012/08/30 15:27:51.756016, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.756144, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.756274, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.756394, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]! 
[2012/08/30 15:27:51.756519, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.756648, 5] passdb/lookup_sid.c:1269(legacy_sid_to_gid) LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 is a User, expected a group [2012/08/30 15:27:51.756776, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.756896, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.757013, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.757138, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.757254, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.757448, 5] passdb/pdb_interface.c:1606(lookup_global_sam_rid) lookup_global_sam_rid: looking up RID 1001. [2012/08/30 15:27:51.757575, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.757693, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 1 [2012/08/30 15:27:51.757814, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.757932, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.758050, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.758252, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.758375, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.758491, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.758609, 5] ../libcli/security/security_token.c:53(security_token_debug) 
Security token: (NULL) [2012/08/30 15:27:51.758743, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.758937, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.759057, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.759177, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.759294, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.759428, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.759591, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.759782, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.759909, 10] passdb/pdb_get_set.c:575(pdb_set_username) pdb_set_username: setting username administrator, was [2012/08/30 15:27:51.760032, 10] passdb/pdb_get_set.c:598(pdb_set_domain) pdb_set_domain: setting domain ACR, was [2012/08/30 15:27:51.760151, 10] passdb/pdb_get_set.c:621(pdb_set_nt_username) pdb_set_nt_username: setting nt username administrator, was [2012/08/30 15:27:51.760425, 10] passdb/pdb_get_set.c:644(pdb_set_fullname) pdb_set_full_name: setting full name administrator, was [2012/08/30 15:27:51.760546, 10] passdb/pdb_get_set.c:737(pdb_set_homedir) pdb_set_homedir: setting home dir , was [2012/08/30 15:27:51.760686, 10] passdb/pdb_get_set.c:713(pdb_set_dir_drive) pdb_set_dir_drive: setting dir drive , was NULL [2012/08/30 15:27:51.760805, 10] passdb/pdb_get_set.c:667(pdb_set_logon_script) pdb_set_logon_script: setting logon script allusers.bat, was [2012/08/30 15:27:51.760923, 10] passdb/pdb_get_set.c:690(pdb_set_profile_path) pdb_set_profile_path: setting profile 
path , was [2012/08/30 15:27:51.761041, 10] passdb/pdb_get_set.c:780(pdb_set_workstations) pdb_set_workstations: setting workstations , was [2012/08/30 15:27:51.761179, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.761316, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 2 [2012/08/30 15:27:51.761434, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 3 [2012/08/30 15:27:51.761569, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.761695, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.761891, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 2 [2012/08/30 15:27:51.762031, 10] passdb/pdb_get_set.c:500(pdb_set_user_sid) pdb_set_user_sid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 [2012/08/30 15:27:51.762153, 10] passdb/pdb_compat.c:73(pdb_set_user_sid_from_rid) pdb_set_user_sid_from_rid: setting user sid S-1-5-21-3266308635-3715972288-3547500332-1001 from rid 1001 [2012/08/30 15:27:51.762334, 10] passdb/pdb_get_set.c:562(pdb_set_group_sid) pdb_set_group_sid: setting group sid S-1-5-21-3266308635-3715972288-3547500332-513 [2012/08/30 15:27:51.762475, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.762613, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.762732, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.762854, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]! 
[2012/08/30 15:27:51.762976, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.763094, 10] passdb/lookup_sid.c:1223(legacy_sid_to_uid) LEGACY: sid S-1-5-21-3266308635-3715972288-3547500332-1001 -> uid 10000 [2012/08/30 15:27:51.763219, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.763356, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.763475, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.763649, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.763774, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.763968, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0))], scope => [2] [2012/08/30 15:27:51.766003, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-1-0)) [2012/08/30 15:27:51.766187, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.766309, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-1-0 [2012/08/30 15:27:51.766450, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-1-0 [2012/08/30 15:27:51.766572, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.766692, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.766810, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.766948, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) 
[2012/08/30 15:27:51.767065, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.767256, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2))], scope => [2] [2012/08/30 15:27:51.769416, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-2)) [2012/08/30 15:27:51.769593, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.769713, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-2 [2012/08/30 15:27:51.769867, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-2 [2012/08/30 15:27:51.769995, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.770112, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.770230, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.770365, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.770543, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.770735, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11))], scope => [2] [2012/08/30 15:27:51.772466, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-11)) [2012/08/30 15:27:51.772635, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.772755, 10] 
passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-11 [2012/08/30 15:27:51.772876, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-11 [2012/08/30 15:27:51.773006, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.773130, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.773248, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.773365, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.773486, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.773676, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544))], scope => [2] [2012/08/30 15:27:51.775342, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(sambaSID=S-1-5-32-544)) [2012/08/30 15:27:51.775535, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.775688, 10] passdb/lookup_sid.c:1253(legacy_sid_to_gid) LEGACY: mapping failed for sid S-1-5-32-544 [2012/08/30 15:27:51.775812, 10] passdb/lookup_sid.c:1218(legacy_sid_to_uid) LEGACY: mapping failed for sid S-1-5-32-544 [2012/08/30 15:27:51.775934, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-1-0 to gid, ignoring it [2012/08/30 15:27:51.776056, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-2 to gid, ignoring it [2012/08/30 15:27:51.776174, 10] auth/auth_util.c:505(create_local_token) Could not convert SID S-1-5-11 to gid, ignoring it [2012/08/30 15:27:51.776322, 10] auth/auth_util.c:505(create_local_token) Could not convert SID 
S-1-5-32-544 to gid, ignoring it
[2012/08/30 15:27:51.776454, 10] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14):
  SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001
  SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513
  SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512
  SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514
  SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515
  SID[ 5]: S-1-1-0
  SID[ 6]: S-1-5-2
  SID[ 7]: S-1-5-11
  SID[ 8]: S-1-5-32-544
  SID[ 9]: S-1-22-1-10000
  SID[ 10]: S-1-22-2-513
  SID[ 11]: S-1-22-2-512
  SID[ 12]: S-1-22-2-514
  SID[ 13]: S-1-22-2-515
  Privileges (0x 1FFFFFF0):
  Privilege[ 0]: SeMachineAccountPrivilege
  Privilege[ 1]: SeTakeOwnershipPrivilege
  Privilege[ 2]: SeBackupPrivilege
  Privilege[ 3]: SeRestorePrivilege
  Privilege[ 4]: SeRemoteShutdownPrivilege
  Privilege[ 5]: SePrintOperatorPrivilege
  Privilege[ 6]: SeAddUsersPrivilege
  Privilege[ 7]: SeDiskOperatorPrivilege
  Privilege[ 8]: SeSecurityPrivilege
  Privilege[ 9]: SeSystemtimePrivilege
  Privilege[ 10]: SeShutdownPrivilege
  Privilege[ 11]: SeDebugPrivilege
  Privilege[ 12]: SeSystemEnvironmentPrivilege
  Privilege[ 13]: SeSystemProfilePrivilege
  Privilege[ 14]: SeProfileSingleProcessPrivilege
  Privilege[ 15]: SeIncreaseBasePriorityPrivilege
  Privilege[ 16]: SeLoadDriverPrivilege
  Privilege[ 17]: SeCreatePagefilePrivilege
  Privilege[ 18]: SeIncreaseQuotaPrivilege
  Privilege[ 19]: SeChangeNotifyPrivilege
  Privilege[ 20]: SeUndockPrivilege
  Privilege[ 21]: SeManageVolumePrivilege
  Privilege[ 22]: SeImpersonatePrivilege
  Privilege[ 23]: SeCreateGlobalPrivilege
  Privilege[ 24]: SeEnableDelegationPrivilege
  Rights (0x 0):
[2012/08/30 15:27:51.779018, 10] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups
  Group[ 0]: 513
  Group[ 1]: 512
  Group[ 2]: 514
  Group[ 3]: 515
[2012/08/30 15:27:51.779537, 10] auth/auth_ntlmssp.c:174(auth_ntlmssp_check_password) Got NT session key of length 16
[2012/08/30
15:27:51.779697, 10] auth/auth_ntlmssp.c:181(auth_ntlmssp_check_password) Got LM session key of length 8 [2012/08/30 15:27:51.779817, 10] ../libcli/auth/ntlmssp_server.c:462(ntlmssp_server_postauth) ntlmssp_server_auth: Using unmodified nt session key. [2012/08/30 15:27:51.779941, 3] ../libcli/auth/ntlmssp_sign.c:535(ntlmssp_sign_init) NTLMSSP Sign/Seal - Initialising with flags: [2012/08/30 15:27:51.780058, 3] ../libcli/auth/ntlmssp.c:34(debug_ntlmssp_flags) Got NTLMSSP neg_flags=0xe2088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP_NEGOTIATE_56 [2012/08/30 15:27:51.780794, 10] smbd/password.c:293(register_existing_vuid) register_existing_vuid: (10000,513) administrator administrator ACR guest=0 [2012/08/30 15:27:51.780913, 3] smbd/password.c:298(register_existing_vuid) register_existing_vuid: User name: administrator Real name: administrator [2012/08/30 15:27:51.781035, 3] smbd/password.c:308(register_existing_vuid) register_existing_vuid: UNIX uid 10000 is UNIX user administrator, and will be vuid 100 [2012/08/30 15:27:51.781740, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key 49442F333035342F3130 [2012/08/30 15:27:51.781988, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c008860 [2012/08/30 15:27:51.782209, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key 49442F333035342F3130 [2012/08/30 15:27:51.782372, 7] param/loadparm.c:9834(lp_servicenumber) lp_servicenumber: couldn't find administrator [2012/08/30 15:27:51.782581, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.782740, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.782864, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user 
[administrator]! [2012/08/30 15:27:51.782983, 3] smbd/password.c:238(register_homes_share) Adding homes service for user 'administrator' using home directory: '/home/administrator' [2012/08/30 15:27:51.783343, 8] param/loadparm.c:6480(add_a_service) add_a_service: Creating snum = 6 for administrator [2012/08/30 15:27:51.783467, 10] param/loadparm.c:6527(hash_a_service) hash_a_service: hashing index 6 for service name administrator [2012/08/30 15:27:51.783700, 3] param/loadparm.c:6582(lp_add_home) adding home's share [administrator] for user 'administrator' at '/home/%u' [2012/08/30 15:27:51.783852, 6] param/loadparm.c:7490(lp_file_list_changed) lp_file_list_changed() file /etc/samba/smb.conf -> /etc/samba/smb.conf last mod_time: Thu Aug 30 15:18:57 2012 [2012/08/30 15:27:51.784290, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.784353, 5] lib/util.c:342(show_msg) size=94 smb_com=0x73 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=65535 smb_pid=65279 smb_uid=100 smb_mid=5184 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 9 (0x9) smb_bcc=51 [2012/08/30 15:27:51.785361, 10] ../lib/util/util.c:415(dump_data) [0000] A1 07 30 05 A0 03 0A 01 00 55 00 6E 00 69 00 78 ..0..... .U.n.i.x [0010] 00 00 00 53 00 61 00 6D 00 62 00 61 00 20 00 33 ...S.a.m .b.a. .3 [0020] 00 2E 00 36 00 2E 00 37 00 00 00 41 00 43 00 52 ...6...7 ...A.C.R [0030] 00 00 00 ... 
[2012/08/30 15:27:51.787401, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 78 [2012/08/30 15:27:51.787803, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x4e [2012/08/30 15:27:51.787923, 3] smbd/process.c:1662(process_smb) Transaction 3 of length 82 (0 toread) [2012/08/30 15:27:51.788040, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.788313, 5] lib/util.c:342(show_msg) size=78 smb_com=0x75 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=0 smb_pid=65279 smb_uid=100 smb_mid=5248 smt_wct=4 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]= 78 (0x4E) smb_vwv[ 2]= 8 (0x8) smb_vwv[ 3]= 1 (0x1) smb_bcc=35 [2012/08/30 15:27:51.789327, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 5C 00 4F 00 52 00 41 00 4E 00 47 00 45 .\.\.O.R .A.N.G.E [0010] 00 5C 00 49 00 50 00 43 00 24 00 00 00 3F 3F 3F .\.I.P.C .$...??? [0020] 3F 3F 00 ??. [2012/08/30 15:27:51.789599, 3] smbd/process.c:1467(switch_message) switch message SMBtconX (pid 3054) conn 0x0 [2012/08/30 15:27:51.789719, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.789837, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.789978, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.790167, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:51.790342, 4] smbd/reply.c:794(reply_tcon_and_X) Client requested device type [?????] 
for share [IPC$] [2012/08/30 15:27:51.791125, 5] smbd/service.c:1354(make_connection) making a connection to 'normal' service ipc$ [2012/08/30 15:27:51.791319, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:51.791444, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:51.792428, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:51.792564, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.792707, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.792848, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.792969, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.793086, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.794009, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.794212, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:51.795567, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:51.795800, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.795921, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.796039, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.796161, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.796360, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.796537, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.796914, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:51.798557, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:51.798985, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.799123, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:51.799241, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.799396, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:51.799565, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:51.799700, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! [2012/08/30 15:27:51.799825, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user administrator [2012/08/30 15:27:51.799984, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user administrator [2012/08/30 15:27:51.800102, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is administrator [2012/08/30 15:27:51.800225, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [administrator]! 
[2012/08/30 15:27:51.800348, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/08/30 15:27:51.800469, 3] smbd/service.c:872(make_connection_snum) Connect path is '/tmp' for service [IPC$] [2012/08/30 15:27:51.800701, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/08/30 15:27:51.800893, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0x101f01ff, remaining = 0x101f01ff [2012/08/30 15:27:51.801064, 3] smbd/vfs.c:102(vfs_init_default) Initialising default vfs hooks [2012/08/30 15:27:51.801318, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ [2012/08/30 15:27:51.801446, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend '/[Default VFS]/' [2012/08/30 15:27:51.801589, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for posixacl [2012/08/30 15:27:51.801709, 5] smbd/vfs.c:92(smb_register_vfs) Successfully added vfs backend 'posixacl' [2012/08/30 15:27:51.801827, 3] smbd/vfs.c:128(vfs_init_custom) Initialising custom vfs hooks from [/[Default VFS]/] [2012/08/30 15:27:51.801948, 10] smbd/vfs.c:53(vfs_find_backend_entry) vfs_find_backend_entry called for /[Default VFS]/ Successfully loaded vfs module [/[Default VFS]/] with the new modules system [2012/08/30 15:27:51.802158, 5] smbd/connection.c:134(claim_connection) claiming [IPC$] [2012/08/30 15:27:51.802324, 10] lib/dbwrap_tdb.c:102(db_tdb_fetch_locked) Locking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:27:51.802482, 10] lib/dbwrap_tdb.c:131(db_tdb_fetch_locked) Allocated locked data 0x0x7fd50c00dcd0 [2012/08/30 15:27:51.802708, 10] lib/dbwrap_tdb.c:44(db_tdb_record_destr) Unlocking key EE0B0000FFFFFFFF00D9 [2012/08/30 15:27:51.802979, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/08/30 
15:27:51.803106, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:51.803229, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:51.803346, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.803575, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.803724, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.803865, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.803982, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.804099, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.804302, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:51.805583, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:51.805741, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.805864, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.805984, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(0) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.806123, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.806243, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.806361, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.806557, 5] 
lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:51.808073, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:51.808234, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.808530, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:51.808784, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.808927, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:51.809065, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:51.809187, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:51.809308, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share IPC$ is ok for unix user administrator [2012/08/30 15:27:51.809460, 10] smbd/share_access.c:286(is_share_read_only_for_token) is_share_read_only_for_user: share IPC$ is read-only for unix user administrator [2012/08/30 15:27:51.809597, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0x10000000 to 0x001f01ff [2012/08/30 15:27:51.809756, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.809881, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege 
Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:51.812574, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:51.812996, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:51.813126, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.813246, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.813364, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.813549, 5] smbd/uid.c:400(change_to_root_user) change_to_root_user: now uid=(0,0) gid=(0,0) [2012/08/30 15:27:51.813676, 10] smbd/service.c:162(set_conn_connectpath) set_conn_connectpath: service IPC$, connectpath = /tmp [2012/08/30 15:27:51.813831, 10] modules/vfs_default.c:160(vfswrap_fs_capabilities) vfswrap_fs_capabilities: timestamp resolution of sec available on share IPC$, directory /tmp [2012/08/30 15:27:51.814004, 3] smbd/service.c:1114(make_connection_snum) panama (192.168.30.50) connect to service IPC$ initially as user administrator (uid=10000, gid=513) (pid 3054) [2012/08/30 15:27:51.814135, 3] smbd/reply.c:871(reply_tcon_and_X) tconX service=IPC$ [2012/08/30 15:27:51.817377, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:51.817585, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:51.817705, 3] smbd/process.c:1662(process_smb) Transaction 4 of length 106 (0 toread) [2012/08/30 15:27:51.817823, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.817884, 5] 
lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5312 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:51.820572, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/08/30 15:27:51.820901, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.821026, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.821146, 5] ../libcli/security/security_token.c:63(security_token_debug) Security token SIDs (14): SID[ 0]: S-1-5-21-3266308635-3715972288-3547500332-1001 SID[ 1]: S-1-5-21-3266308635-3715972288-3547500332-513 SID[ 2]: S-1-5-21-3266308635-3715972288-3547500332-512 SID[ 3]: S-1-5-21-3266308635-3715972288-3547500332-514 SID[ 4]: S-1-5-21-3266308635-3715972288-3547500332-515 SID[ 5]: S-1-1-0 SID[ 6]: S-1-5-2 SID[ 7]: S-1-5-11 SID[ 8]: S-1-5-32-544 SID[ 9]: S-1-22-1-10000 SID[ 10]: S-1-22-2-513 SID[ 11]: S-1-22-2-512 SID[ 12]: S-1-22-2-514 SID[ 13]: S-1-22-2-515 Privileges (0x 1FFFFFF0): Privilege[ 0]: SeMachineAccountPrivilege Privilege[ 1]: SeTakeOwnershipPrivilege Privilege[ 2]: SeBackupPrivilege Privilege[ 3]: SeRestorePrivilege Privilege[ 4]: SeRemoteShutdownPrivilege Privilege[ 5]: SePrintOperatorPrivilege Privilege[ 6]: 
SeAddUsersPrivilege Privilege[ 7]: SeDiskOperatorPrivilege Privilege[ 8]: SeSecurityPrivilege Privilege[ 9]: SeSystemtimePrivilege Privilege[ 10]: SeShutdownPrivilege Privilege[ 11]: SeDebugPrivilege Privilege[ 12]: SeSystemEnvironmentPrivilege Privilege[ 13]: SeSystemProfilePrivilege Privilege[ 14]: SeProfileSingleProcessPrivilege Privilege[ 15]: SeIncreaseBasePriorityPrivilege Privilege[ 16]: SeLoadDriverPrivilege Privilege[ 17]: SeCreatePagefilePrivilege Privilege[ 18]: SeIncreaseQuotaPrivilege Privilege[ 19]: SeChangeNotifyPrivilege Privilege[ 20]: SeUndockPrivilege Privilege[ 21]: SeManageVolumePrivilege Privilege[ 22]: SeImpersonatePrivilege Privilege[ 23]: SeCreateGlobalPrivilege Privilege[ 24]: SeEnableDelegationPrivilege Rights (0x 0): [2012/08/30 15:27:51.824355, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 10000 Primary group is 513 and contains 4 supplementary groups Group[ 0]: 513 Group[ 1]: 512 Group[ 2]: 514 Group[ 3]: 515 [2012/08/30 15:27:51.824811, 5] smbd/uid.c:317(change_to_user_internal) Impersonated user: uid=(0,10000), gid=(0,513) [2012/08/30 15:27:51.824960, 4] smbd/vfs.c:780(vfs_ChDir) vfs_ChDir to /tmp [2012/08/30 15:27:51.825193, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:51.825363, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. 
[2012/08/30 15:27:51.825513, 5] smbd/files.c:140(file_new) allocated file structure 13657, fnum = 17753 (1 used) [2012/08/30 15:27:51.825702, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:51.825956, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:51.826240, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/08/30 15:27:51.826464, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/08/30 15:27:51.826610, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:51.826741, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:51.828529, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:51.828860, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:51.829001, 3] smbd/process.c:1662(process_smb) Transaction 5 of length 76 (0 toread) [2012/08/30 15:27:51.829120, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.829182, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5376 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:51.830895, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 59 45 ED 03 ...YE.. 
[2012/08/30 15:27:51.831038, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.831247, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.831468, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:51.831696, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:51.831819, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.831881, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5376 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:51.833525, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
[2012/08/30 15:27:51.835388, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:51.835584, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:51.835733, 3] smbd/process.c:1662(process_smb) Transaction 6 of length 228 (0 toread) [2012/08/30 15:27:51.835852, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.835914, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5440 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17753 (0x4559) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:51.837649, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:51.839316, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.839453, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.839686, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 4559 name: spoolss len: 160 [2012/08/30 15:27:51.839808, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:51.839928, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:51.840675, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:51.840856, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.841006, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.841129, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:51.841246, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:51.841389, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.841544, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:51.841662, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:51.841806, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:51.842380, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.845946, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:51.846158, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.846301, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:51.846420, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:51.846546, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.846678, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.848774, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:51.848962, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:51.851580, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:51.851759, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:51.851881, 3] smbd/process.c:1662(process_smb) Transaction 7 of length 63 (0 toread) [2012/08/30 15:27:51.852009, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.852072, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5504 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17753 (0x4559) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:51.853578, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:51.853644, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.853783, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.853936, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.854060, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:51.854199, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:51.854335, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:51.854455, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:51.857785, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:51.857947, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:51.858083, 3] smbd/process.c:1662(process_smb) Transaction 8 of length 296 (0 toread) [2012/08/30 15:27:51.858207, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.858269, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5568 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17753 (0x4559) smb_bcc=225 [2012/08/30 15:27:51.860390, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:51.861682, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.861857, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.862040, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:51.862299, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.862418, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.862580, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.863446, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4559) [2012/08/30 15:27:51.863631, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:51.863755, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:51.863875, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:51.863993, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:51.864113, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.864232, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.864349, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:51.864470, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:51.864590, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.864738, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:51.864870, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:51.864997, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.865122, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:51.867443, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:51.867624, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:51.867771, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:51.867905, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:51.868065, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:51.868316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:51.871428, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:51.871620, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.871903, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:51.872132, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:51.872379, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Wed Dec 31 19:00:00 1969 (-1346354871 seconds in the past) [2012/08/30 15:27:51.872616, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:51 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:51.872859, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:51.873003, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.873198, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.873428, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:51.873584, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:51.877534, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:51.877717, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:51.878243, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.878368, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.878493, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.878616, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.878739, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.878857, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.879070, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:51.880348, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:51.880537, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.880660, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.880801, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:51.880920, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:51.881038, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:51.881158, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:51.881348, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:51.883872, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:51.884069, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:51.884196, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:51.884316, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:51.884465, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:51.884584, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:51.884705, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:51.884870, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:51.885024, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:51.885234, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:51.885387, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:51.885507, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:51.885647, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:51.886113, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:51.887050, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:51.887239, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:51.887428, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:51.887620, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:51.887749, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.887866, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:51.888172, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:51.888370, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:51.888547, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.888746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.889455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-3f50-b7beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:51.891313, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.891569, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:51.891699, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:51.891820, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:51.891940, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:51.892058, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.892338, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:51.892565, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:51.892737, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:51.892856, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:51.892976, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.893095, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.894129, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.894253, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.894420, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:51.894559, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:51.894681, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:51.894802, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.894919, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.895054, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.895171, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.895304, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:51.895436, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:51.895919, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:51.896066, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:51.896226, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:51.896352, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.896471, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:51.896668, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:51.896788, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:51.896929, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:51.897083, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:51.897203, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.897319, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:51.897459, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:51.897578, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:51.897699, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.897816, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.897950, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.898068, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.898204, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:51.898338, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:51.898460, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:51.898581, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.898699, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.898818, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:51.898946, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.899090, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:51.899254, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:51.899378, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:51.899540, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:51.899669, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:51.899787, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:51.899908, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:51.900032, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:51.900161, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.900360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.900934, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:51.901131, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000013-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:51.901614, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.901813, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 13 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.902026, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:51.902148, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:51.902268, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:51.902772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000012-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:51.903222, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.903422, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 12 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.903618, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:51.903741, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:51.903859, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:51.904504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.904989, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:51.905114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:51.905270, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.905407, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:51.905555, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:51.907105, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:51.907226, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:51.907355, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:51.907482, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:51.908427, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.908489, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5568 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:51.910034, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 11 00 00 ........ ........ [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:51.912698, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:51.913134, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:51.913275, 3] smbd/process.c:1662(process_smb) Transaction 9 of length 106 (0 toread) [2012/08/30 15:27:51.913401, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.913464, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5632 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:51.915684, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/08/30 15:27:51.915896, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.916017, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.916140, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:51.916265, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. 
[2012/08/30 15:27:51.916407, 5] smbd/files.c:140(file_new) allocated file structure 13658, fnum = 17754 (2 used) [2012/08/30 15:27:51.916532, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:51.916803, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:51.916949, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/08/30 15:27:51.917103, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:51.917225, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:51.918521, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:51.918692, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:51.918844, 3] smbd/process.c:1662(process_smb) Transaction 10 of length 228 (0 toread) [2012/08/30 15:27:51.918966, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.919028, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5696 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17754 (0x455A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:51.920826, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. 
........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . [2012/08/30 15:27:51.922070, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.922195, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.922329, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455a name: spoolss len: 160 [2012/08/30 15:27:51.922449, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:51.922568, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:51.922685, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:51.922805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.922947, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.923071, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:51.923188, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:51.923310, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.923427, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left 
= 144 [2012/08/30 15:27:51.923691, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:51.923816, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.923978, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.928520, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 
[2012/08/30 15:27:51.928650, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.928926, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/08/30 15:27:51.929061, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:51.929182, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:51.929313, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:51.931221, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:51.931360, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:51.932213, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:51.932361, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:51.932500, 3] smbd/process.c:1662(process_smb) Transaction 11 of length 63 (0 toread) [2012/08/30 15:27:51.932619, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.932681, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 
smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=5760 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17754 (0x455A) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:51.935329, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:51.935413, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.935601, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.935726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.935865, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:51.935985, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:51.936112, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. 
There is no more data outstanding [2012/08/30 15:27:51.936231, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:51.937054, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 276 [2012/08/30 15:27:51.937198, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x114 [2012/08/30 15:27:51.937335, 3] smbd/process.c:1662(process_smb) Transaction 12 of length 280 (0 toread) [2012/08/30 15:27:51.937452, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.937549, 5] lib/util.c:342(show_msg) size=276 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5824 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 192 (0xC0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 192 (0xC0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17754 (0x455A) smb_bcc=209 [2012/08/30 15:27:51.939290, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 C0 00 00 00 02 00 00 ........ ........ [0020] 00 A8 00 00 00 00 00 45 00 00 00 02 00 09 00 00 .......E ........ [0030] 00 00 00 00 00 09 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 00 00 00 00 00 00 00 .a.n.g.e ........ [0050] 00 00 00 00 00 00 00 00 00 02 00 02 00 01 00 00 ........ ........ [0060] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0070] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0080] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [0090] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00A0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ 
.....A.C [00B0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00C0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00D0] 00 . [2012/08/30 15:27:51.940365, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.940516, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.940818, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=192 params=0 setup=2 [2012/08/30 15:27:51.940939, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.941110, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.941228, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.941348, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455a) [2012/08/30 15:27:51.941467, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 [2012/08/30 15:27:51.941585, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 192 [2012/08/30 15:27:51.941703, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:51.943273, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:51.943400, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 192, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.943562, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.943704, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 176 [2012/08/30 15:27:51.943828, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 176 [2012/08/30 15:27:51.943948, 10] 
rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.944066, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 176 [2012/08/30 15:27:51.944196, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 176, incoming data = 176 [2012/08/30 15:27:51.944320, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.944445, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00c0 (192) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000a8 (168) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=168 [0000] 00 00 02 00 09 00 00 00 00 00 00 00 09 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 02 00 02 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0040] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0050] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0060] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0070] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0080] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [0090] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00A0] 74 00 6F 00 72 00 00 00 t.o.r... 
[2012/08/30 15:27:51.946781, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:51.946908, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:51.947030, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:51.947173, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:51.947295, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:51.947422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00020002 (131074) 0: SERVER_ACCESS_ADMINISTER 1: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange [2012/08/30 15:27:51.949314, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange] [2012/08/30 15:27:51.949442, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:51.949680, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange Printer is a print server [2012/08/30 15:27:51.949856, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange (len=8) [2012/08/30 15:27:51.949979, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 2 printer handles active [2012/08/30 15:27:51.950139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.950337, 4] rpc_server/spoolss/srv_spoolss_nt.c:1852(_spoolss_OpenPrinterEx) Setting print server access = SERVER_ACCESS_ENUMERATE [2012/08/30 15:27:51.950455, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-3f50-b7beee0b0000 result : WERR_OK [2012/08/30 15:27:51.950972, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:51.951114, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 176 [2012/08/30 15:27:51.951247, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.951365, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. 
[2012/08/30 15:27:51.951493, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ [2012/08/30 15:27:51.953569, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:51.953700, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:51.953820, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:51.953939, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.954004, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5824 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:51.955346, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 14 00 00 ........ ........ [0020] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:51.956414, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 164 [2012/08/30 15:27:51.956560, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xa4 [2012/08/30 15:27:51.956702, 3] smbd/process.c:1662(process_smb) Transaction 13 of length 168 (0 toread) [2012/08/30 15:27:51.956820, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.956885, 5] lib/util.c:342(show_msg) size=164 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5888 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 80 (0x50) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 80 (0x50) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17754 (0x455A) smb_bcc=97 [2012/08/30 15:27:51.958728, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 50 00 00 00 03 00 00 ........ .P...... [0020] 00 38 00 00 00 00 00 1A 00 00 00 00 00 14 00 00 .8...... ........ [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 0A 00 00 .....?P. ........ [0040] 00 00 00 00 00 0A 00 00 00 4F 00 53 00 56 00 65 ........ .O.S.V.e [0050] 00 72 00 73 00 69 00 6F 00 6E 00 00 00 1C 01 00 .r.s.i.o .n...... [0060] 00 . 
[2012/08/30 15:27:51.959296, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.959435, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.959629, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=80 params=0 setup=2 [2012/08/30 15:27:51.959752, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.959871, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.959988, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.960106, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455a) [2012/08/30 15:27:51.960224, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 [2012/08/30 15:27:51.960357, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 80 [2012/08/30 15:27:51.960496, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 80 [2012/08/30 15:27:51.960635, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 80 [2012/08/30 15:27:51.960755, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 80, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.960876, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.961102, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 64 [2012/08/30 15:27:51.961221, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 64 [2012/08/30 15:27:51.961358, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.961475, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 64 [2012/08/30 
15:27:51.961597, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 64, incoming data = 64 [2012/08/30 15:27:51.961717, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.961845, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0050 (80) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000038 (56) context_id : 0x0000 (0) opnum : 0x001a (26) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=56 [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 0A 00 00 00 00 00 00 00 0A 00 00 00 ........ ........ [0020] 4F 00 53 00 56 00 65 00 72 00 73 00 69 00 6F 00 O.S.V.e. r.s.i.o. [0030] 6E 00 00 00 1C 01 00 00 n....... [2012/08/30 15:27:51.963566, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:51.963765, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:51.963887, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:51.964011, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1a - api_rpcTNP: rpc command: SPOOLSS_GETPRINTERDATA [2012/08/30 15:27:51.964141, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[26].fn == 0x7fd50aed07e0 [2012/08/30 15:27:51.964502, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterData: struct spoolss_GetPrinterData in: struct spoolss_GetPrinterData handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-3f50-b7beee0b0000 value_name : 'OSVersion' offered : 0x0000011c (284) [2012/08/30 15:27:51.965139, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:51.965361, 4] rpc_server/spoolss/srv_spoolss_nt.c:9191(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx [2012/08/30 15:27:51.965507, 10] rpc_server/spoolss/srv_spoolss_nt.c:9194(_spoolss_GetPrinterDataEx) _spoolss_GetPrinterDataEx: key => [PrinterDriverData], value => [OSVersion] [2012/08/30 15:27:51.965626, 8] rpc_server/spoolss/srv_spoolss_nt.c:2305(getprinterdata_printer_server) getprinterdata_printer_server:OSVersion [2012/08/30 15:27:51.965836, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinterData: struct spoolss_GetPrinterData out: struct spoolss_GetPrinterData type : * type : REG_BINARY (3) data : * data: ARRAY(284)
needed : * needed : 0x00000114 (276) result : WERR_OK [2012/08/30 15:27:51.985136, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:51.985270, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 64 [2012/08/30 15:27:51.985404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:51.985525, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 300. [2012/08/30 15:27:51.985650, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0144 (324) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000012c (300) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=300
[2012/08/30 15:27:51.988364, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 2077 [2012/08/30 15:27:51.988668, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 324 bytes. There is no more data outstanding [2012/08/30 15:27:51.988788, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..324] (align 0) [2012/08/30 15:27:51.988908, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.988994, 5] lib/util.c:342(show_msg) size=380 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5888 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 324 (0x144) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 324 (0x144) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=325 [2012/08/30 15:27:51.990373, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:51.992594, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:51.992739, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:51.992861, 3] smbd/process.c:1662(process_smb) Transaction 14 of length 132 (0 toread) [2012/08/30 15:27:51.992979, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:51.993045, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5952 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17754 (0x455A) smb_bcc=61 [2012/08/30 15:27:51.995912, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 04 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 14 00 00 ........ ........ [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:51.996255, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:51.996394, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:51.996530, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:51.996651, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:51.996788, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:51.996907, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:51.997025, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455a) [2012/08/30 15:27:51.997144, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02a9f0 max_trans_reply: 1024 [2012/08/30 15:27:51.997265, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:51.997385, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:51.997502, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:51.997631, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:51.997757, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:51.997874, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:51.997991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:51.998109, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:51.998245, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:51.998368, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:51.998486, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:51.998608, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.000161, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.000296, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.000576, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.000697, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:52.000821, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:52.000966, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000014-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:52.001453, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.001649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.001860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 14 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.002054, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.002173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.002661, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.002783, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:52.002911, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.003030, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.003154, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:52.004601, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.004730, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.004881, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.005000, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.005061, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=5952 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.006411, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 04 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:52.007396, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:52.007555, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:52.007687, 3] smbd/process.c:1662(process_smb) Transaction 15 of length 45 (0 toread) [2012/08/30 15:27:52.007804, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.007866, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6016 smt_wct=3 smb_vwv[ 0]=17754 (0x455A) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:52.008835, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.008899, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.009018, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.009155, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17754 (numopen=2) 
[2012/08/30 15:27:52.009324, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:52.009649, 5] smbd/files.c:482(file_free) freed files structure 17754 (1 used) [2012/08/30 15:27:52.009793, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.009855, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6016 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:52.010657, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.011282, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:52.011418, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:52.011555, 3] smbd/process.c:1662(process_smb) Transaction 16 of length 132 (0 toread) [2012/08/30 15:27:52.011685, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.011747, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6080 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17753 (0x4559) smb_bcc=61 [2012/08/30 15:27:52.013784, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 03 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 11 00 00 ........ ........ [0030] 00 00 00 00 00 3F 50 B7 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:52.014175, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.014295, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.014420, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:52.014558, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.014676, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.014794, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.014912, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 4559) [2012/08/30 15:27:52.015048, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.015166, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:52.015285, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:52.015402, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:52.015590, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.015708, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.015825, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:52.015942, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:52.016078, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.016195, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:52.016350, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:52.016473, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.016596, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.018099, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.018216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.018351, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.018488, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:52.018608, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:52.018727, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000011-0000-0000-3f50-b7beee0b0000 [2012/08/30 15:27:52.019155, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.019350, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.019608, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 11 00 00 00 00 00 00 00 3F 50 B7 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.019819, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.019953, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.020471, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.020598, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:52.020726, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.020856, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.020986, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:52.022370, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.022511, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.022630, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.022749, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.022812, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6080 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.024351, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 03 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:52.025343, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:52.025481, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:52.025600, 3] smbd/process.c:1662(process_smb) Transaction 17 of length 45 (0 toread) [2012/08/30 15:27:52.025718, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.025780, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6144 smt_wct=3 smb_vwv[ 0]=17753 (0x4559) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:52.026742, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.026806, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.026928, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.027047, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17753 (numopen=1) 
[2012/08/30 15:27:52.027166, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:52.027300, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \spoolss [2012/08/30 15:27:52.027443, 5] smbd/files.c:482(file_free) freed files structure 17753 (0 used) [2012/08/30 15:27:52.027615, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.027678, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6144 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:52.028841, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.030334, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:52.030490, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:52.030610, 3] smbd/process.c:1662(process_smb) Transaction 18 of length 106 (0 toread) [2012/08/30 15:27:52.030728, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.030802, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6208 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:52.033005, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/08/30 15:27:52.033202, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.033445, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.033612, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:52.033739, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:52.033861, 5] smbd/files.c:140(file_new) allocated file structure 13659, fnum = 17755 (1 used) [2012/08/30 15:27:52.033984, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:52.034107, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:52.034248, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/08/30 15:27:52.034367, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/08/30 15:27:52.034493, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:52.034616, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:52.035366, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:52.035554, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:52.035701, 3] smbd/process.c:1662(process_smb) Transaction 19 of length 76 (0 toread) [2012/08/30 15:27:52.035819, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.035880, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 
smb_pid=1080 smb_uid=100 smb_mid=6272 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:52.037804, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 5B 45 ED 03 ...[E.. [2012/08/30 15:27:52.037935, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.038055, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.038197, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:52.038317, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:52.038436, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.038507, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6272 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:52.040716, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
[2012/08/30 15:27:52.041664, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:52.041801, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:52.041941, 3] smbd/process.c:1662(process_smb) Transaction 20 of length 228 (0 toread) [2012/08/30 15:27:52.042059, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.042121, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6336 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17755 (0x455B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:52.044326, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:52.045180, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.045302, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.045422, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455b name: spoolss len: 160 [2012/08/30 15:27:52.045542, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:52.045662, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:52.045783, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:52.045902, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.046021, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.046138, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.046258, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:52.046376, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.046505, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.046621, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:52.046757, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:52.046882, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.050193, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:52.050317, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.050436, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:52.050553, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:52.050673, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.050809, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.052751, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:52.052880, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:52.053656, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.053812, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.053931, 3] smbd/process.c:1662(process_smb) Transaction 21 of length 63 (0 toread) [2012/08/30 15:27:52.054048, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.054110, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6400 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17755 (0x455B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.055725, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.055800, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.055926, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.056048, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.056185, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:52.056305, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.056430, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:52.056574, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:52.057122, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:52.057254, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:52.057373, 3] smbd/process.c:1662(process_smb) Transaction 22 of length 296 (0 toread) [2012/08/30 15:27:52.057499, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.057564, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6464 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=225 [2012/08/30 15:27:52.059289, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:52.060395, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.060666, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.060791, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:52.060934, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.061052, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.061188, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.061306, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.061425, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.061544, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:52.061681, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:52.061798, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:52.061916, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.062035, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.062169, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:52.062286, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:52.062405, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.062522, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:52.062642, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:52.062768, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.062890, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:52.065183, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.065301, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.065422, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.065545, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:52.065665, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:52.065787, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:52.067612, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:52.067736, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.067949, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:52.068122, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:52.068320, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:52.068598, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:52.068752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.068964, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.069158, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.069282, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:52.072869, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:52.073040, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:52.073160, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.073297, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.073420, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.073538, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.073658, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.073778, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.073979, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:52.075196, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:52.075379, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.075567, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.075703, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.075821, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.075954, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.076073, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.076266, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:52.077978, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:52.078139, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.078265, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:52.078383, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.078510, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:52.078650, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:52.078770, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:52.078891, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:52.079012, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:52.079150, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.079274, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.079392, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.079574, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.079715, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.080503, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.080649, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.080770, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.080887, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.081024, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.081144, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.081303, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:52.081436, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.081570, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.081781, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.082289, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.083926, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.084144, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.084265, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.084387, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.084684, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.084811, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.084929, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.085113, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.085247, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.085367, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.085487, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.085621, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.085739, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.085856, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.085991, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.086142, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.086273, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.086395, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.086514, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.086638, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.086756, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.086897, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.087032, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.087175, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.087297, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.087416, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.087570, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.087702, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.087856, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.087981, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.088103, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.088221, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.088342, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.088464, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.088651, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.088772, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.088893, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089015, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089134, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.089251, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089388, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.089526, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.089645, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.089765, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.089892, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.090014, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.090130, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.090268, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.090404, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.090528, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.090647, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.090767, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.090886, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.091046, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.091165, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.091287, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.091561, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.092075, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:52.092205, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000017-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.092657, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.092890, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 17 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.093089, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.093207, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.093325, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.094903, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000016-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.095336, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.095710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 16 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.095918, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.096036, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.096153, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.096783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.097259, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.097386, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:52.097515, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.097634, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.097759, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:52.099160, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:52.099281, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.099411, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:52.099557, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.099686, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.099748, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6464 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.101157, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 15 00 00 ........ ........ [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:52.103317, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 140 [2012/08/30 15:27:52.103578, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8c [2012/08/30 15:27:52.103711, 3] smbd/process.c:1662(process_smb) Transaction 23 of length 144 (0 toread) [2012/08/30 15:27:52.103830, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.103891, 5] lib/util.c:342(show_msg) size=140 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6528 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=73 [2012/08/30 15:27:52.105613, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 15 00 00 . ...... ........ [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ [0040] 00 00 00 00 00 00 00 00 00 ........ . 
[2012/08/30 15:27:52.106019, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.106149, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.106280, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=56 params=0 setup=2 [2012/08/30 15:27:52.106400, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.106516, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.106636, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.106756, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.106876, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.106995, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 56 [2012/08/30 15:27:52.107114, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2012/08/30 15:27:52.107249, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 [2012/08/30 15:27:52.107367, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.107485, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.107615, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 15:27:52.107732, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 [2012/08/30 15:27:52.107850, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.107967, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 
15:27:52.108101, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 [2012/08/30 15:27:52.108366, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.108489, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/08/30 15:27:52.110088, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.110216, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.110335, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.110456, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.110576, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.110757, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2012/08/30 15:27:52.111542, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.111774, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.111968, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.112112, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.112247, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.112405, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.112531, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.112709, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.113490, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.113633, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.113756, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.113873, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.113992, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.114127, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.114273, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.114842, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.114969, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.115187, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.115753, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.117425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.117639, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.117760, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.117883, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.118004, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.118123, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.118239, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.118386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.118523, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.118641, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.118761, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.118877, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.118998, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.119114, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.119247, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.119378, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.119562, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.119692, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.119808, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.119929, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.120045, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.120325, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.120458, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.120595, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.120716, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.120833, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.120951, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.121086, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.121228, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.121356, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.121494, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.121614, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.121734, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.121855, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.122014, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.122134, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.122255, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122372, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122507, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.122624, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122759, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.122893, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.123015, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.123135, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123253, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123371, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.123489, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123768, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.123924, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.124046, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.124198, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.124319, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.124488, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.124613, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.124731, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.124851, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.125057, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.125621, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.126357, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.126579, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.126722, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.126867, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.126989, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.127109, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.127229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.127479, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.127743, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.127888, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.128022, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.128143, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.128265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.128384, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.128504, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.128624, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.128761, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.128881, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.129003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.129134, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.129259, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.129383, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.129532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.131228, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.132801, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.133001, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.133160, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.135563, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.136914, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.137111, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.137233, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.138766, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.140095, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.140290, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.140410, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.141822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.143114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.143312, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.143456, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.147102, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.148486, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.148743, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.148908, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.151063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.152397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.152597, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.152730, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.154861, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.156812, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.157016, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.157139, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.158519, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.159910, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.160109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.160234, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 
(0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.177586, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.178905, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.179109, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.179238, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.181637, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.183001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.183205, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.183334, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.186011, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.187311, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.187561, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.187696, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.189063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.190361, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.190566, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.190689, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.193528, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.195455, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.195781, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.195989, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.198135, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.199452, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.199708, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.199834, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.201038, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.202375, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.202574, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.202698, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.203944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.205396, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.205623, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.205747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.206949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.208253, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.208485, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.208610, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.209950, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.211397, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.211619, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.211744, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.213312, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.216732, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.216942, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.217088, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.217212, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.217366, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.218059, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.218812, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.218932, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.219052, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.219185, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.219303, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.219418, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.219556, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.219699, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.219822, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.220017, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.221178, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.227264, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.227471, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.227613, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.227857, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.227983, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.228104, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.228222, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.228373, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.228679, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.228801, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.228925, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229064, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229183, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.229300, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229436, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.229571, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.229694, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.230746, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.230872, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.230994, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.231112, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.231260, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.231440, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.231622, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.231747, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.231865, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.232005, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.232123, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.232274, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.232395, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.232517, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.232676, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.232799, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.232916, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.233057, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.233177, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.233298, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233416, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233552, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.233669, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233807, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.233943, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.234062, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.234183, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234304, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234422, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.234539, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234677, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.234842, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.234973, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.235108, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.235227, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.235345, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.235556, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.235685, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.235824, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.236136, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.236737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.237992, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.238194, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.238315, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.238434, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.238555, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.238699, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.238823, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.238947, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.239078, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.239198, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.239319, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.239438, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.239625, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.239746, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.239865, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.239984, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.240105, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.240224, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.240344, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.240645, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.240765, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.240885, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.241004, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.241124, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.241802, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.243064, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.243271, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.243392, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.243560, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 
(5) [90] : 0x00 (0) [91] : 0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] 
: 0x0c (12) [205] : 0x00 (0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.259952, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001b-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.260388, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.260611, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1B 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.260805, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.260936, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.261055, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.265435, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001a-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.265858, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.266055, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1A 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.266250, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.266370, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.266490, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.267003, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000019-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.267425, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.267625, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 19 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.267822, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.267947, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.268067, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.268614, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000018-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.269085, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.269283, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 18 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.269478, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.269597, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.269760, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.270365, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.270523, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.270642, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.270760, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.270913, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.271174, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.271447, 4] printing/printing.c:1316(print_cache_expired) print_cache_expired: cache expired for queue HP_4515 (last_qscan_time = 1346354404, time now = 1346354872, qcachetime = 30) [2012/08/30 15:27:52.271712, 10] printing/printing.c:1844(print_queue_update) print_queue_update: Sending message -> printer = HP_4515, type = 8, lpq command = [HP_4515] lprm command = [] [2012/08/30 15:27:52.271956, 10] lib/messages_local.c:255(messaging_tdb_store) messaging_tdb_store: [2012/08/30 15:27:52.272084, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) array: struct messaging_array num_messages : 0x00000001 (1) messages: ARRAY(1) messages: struct messaging_rec msg_version : 0x00000002 (2) msg_type : MSG_PRINTER_UPDATE (517) dest: struct server_id pid : 0x00000ba3 (2979) vnn : 
0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) src: struct server_id pid : 0x00000bee (3054) vnn : 0xffffffff (4294967295) unique_id : 0xbe39e3eedeacd900 (13707237555956406528) buf : DATA_BLOB length=21 [0000] 48 50 5F 34 35 31 35 00 08 00 00 00 48 50 5F 34 HP_4515. ....HP_4 [0010] 35 31 35 00 00 515.. [2012/08/30 15:27:52.278031, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : NULL needed : * needed : 0x00000308 (776) result : WERR_INSUFFICIENT_BUFFER [2012/08/30 15:27:52.278535, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.278672, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 40 [2012/08/30 15:27:52.278833, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.278957, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2012/08/30 15:27:52.279081, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... 
[2012/08/30 15:27:52.280446, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.280580, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.280714, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2012/08/30 15:27:52.280837, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/08/30 15:27:52.280957, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.281019, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6528 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/08/30 15:27:52.282396, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ [0020] 00 7A 00 00 00 .z... 
[2012/08/30 15:27:52.302997, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 1392 [2012/08/30 15:27:52.303202, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x570 [2012/08/30 15:27:52.303322, 3] smbd/process.c:1662(process_smb) Transaction 24 of length 1396 (0 toread) [2012/08/30 15:27:52.303455, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.303560, 5] lib/util.c:342(show_msg) size=1392 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6592 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1308 (0x51C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1308 (0x51C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=1325 [2012/08/30 15:27:52.305303, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:52.307626, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.307752, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.307880, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=1308 params=0 setup=2 [2012/08/30 15:27:52.308002, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.308138, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.308256, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.308373, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.308516, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:52.308636, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1308 [2012/08/30 15:27:52.308755, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1308 [2012/08/30 15:27:52.309044, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 [2012/08/30 15:27:52.309171, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.309290, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.309417, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 [2012/08/30 15:27:52.309584, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 [2012/08/30 15:27:52.309741, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.309929, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 
[2012/08/30 15:27:52.310055, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 [2012/08/30 15:27:52.310193, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.310320, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x051c (1308) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000504 (1284) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1284
[2012/08/30 15:27:52.319201, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.319350, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:52.319472, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.319617, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.319754, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.319876, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=1248
offered : 0x000004e0 (1248) [2012/08/30 15:27:52.328678, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.328906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.329101, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.329275, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.329402, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.329646, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.329802, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.329944, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.330757, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.330881, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.331001, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.331122, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.331241, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.331358, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.331510, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.331656, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.331778, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.331994, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.332538, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.334114, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.334336, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.334457, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.334578, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.334695, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.334814, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.334933, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.335079, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.335212, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.335330, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.335452, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.335618, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.335736, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.335863, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.336148, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.336280, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.336397, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.336519, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.336635, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.336753, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.336868, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.337003, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.337134, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.337252, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.337364, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.337565, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.337682, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.337797, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.337965, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.338085, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.338205, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.338322, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.338443, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.338559, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.338694, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.338812, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.338936, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.339053, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.339170, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.339286, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.339423, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.340776, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.340913, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.341060, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341177, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341296, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.341413, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.341741, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.341865, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.342005, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.342125, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.342244, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.342390, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.342534, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.342654, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.342862, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.343363, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.344158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.344359, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.344615, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.344760, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.344883, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.345002, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.345121, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.345240, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.345361, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.345480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.345599, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.345719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.345855, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.345974, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.346093, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.346212, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.346335, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.346454, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.346581, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.346701, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.346824, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.346948, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.347088, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.348783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.350570, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.350818, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.350982, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.352382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.353776, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.353974, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.354114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.355705, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.357063, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.357258, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.357382, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.358772, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.360090, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.360450, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.360583, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.363974, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.365353, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.365613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.365737, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.367822, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.369158, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.369387, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.369518, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.371927, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.373502, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.373709, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.373837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.375162, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.376517, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.376714, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.376837, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.394201, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.395629, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.396017, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.396145, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.398261, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.400387, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.400615, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.400746, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.402051, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.403312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.403553, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.403683, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.405052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.406351, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.406544, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.406667, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.409606, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.410913, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.411216, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.411348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.413458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.414748, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.414958, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.415080, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.416360, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.417650, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.417848, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.417970, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.419173, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.420669, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.420873, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.420995, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.422186, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.423476, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.423683, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.423805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.425132, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.426435, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.426629, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.426750, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.428114, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.429546, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.429760, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.429879, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.429999, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.430117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.430819, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.431672, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.431792, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.431913, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.432029, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.432298, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.432413, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.432555, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.432687, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.432826, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.433020, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.433517, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.435049, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.435262, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.435380, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.435559, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.435697, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.435814, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.435930, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.436084, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.436252, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.436370, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.436508, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.436628, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.436746, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.436862, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.436996, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.437145, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.437263, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.437383, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.437502, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.437620, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.437800, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.437962, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.438094, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.438214, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.438334, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.438454, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.438572, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.438688, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.438830, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.438967, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.439088, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.439205, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.439324, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.439444, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.439632, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.439752, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.439876, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.439994, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.440139, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.440255, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.440395, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.440531, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.440650, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.440771, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.440891, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.441010, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.441126, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.441265, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.441410, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.441531, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.441650, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.441771, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.441889, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.442007, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.442125, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.442246, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.442441, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.442933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.444327, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.444555, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.444674, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.444809, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.444929, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.445067, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.445189, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.445329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.445458, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.445579, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.445719, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.445842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.445964, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.446085, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.446209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.446330, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.446452, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.446573, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.446697, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.446817, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.446939, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.447060, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.447184, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.447309, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.448056, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.449579, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.449790, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.449911, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.450052, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.466917, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001f-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.467347, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.467581, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1F 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.467809, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.467932, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.468053, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.468721, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001e-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.469169, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.469364, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1E 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.469575, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.469699, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.469937, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.470521, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001d-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.470999, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.471201, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1D 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.471395, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.471635, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.471756, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.472251, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000001c-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.472710, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.472942, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 1C 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.473137, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.473256, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.473377, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.473921, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\orange' printername : * printername : '\\orange\HP_4515' sharename : * sharename : 'HP_4515' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP_4515' comment : * comment : 'cups printer' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\orange\HP_4515' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) 
defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) 
access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union 
security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000308 (776) result : WERR_OK [2012/08/30 15:27:52.491717, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.491855, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 1292 [2012/08/30 15:27:52.492174, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.492298, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1264. [2012/08/30 15:27:52.492423, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0508 (1288) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000004f0 (1264) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1264
[2012/08/30 15:27:52.499785, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes.
There is more data outstanding [2012/08/30 15:27:52.499925, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:52.500052, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:52.500171, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:52.500364, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.500427, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6592 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:52.501785, 10] ../lib/util/util.c:415(dump_data)
[2012/08/30 15:27:52.506085, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.506374, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.506504, 3] smbd/process.c:1662(process_smb) Transaction 25 of length 63 (0 toread) [2012/08/30 15:27:52.506627, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.506689, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6656 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17755 (0x455B) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 264 (0x108) smb_vwv[ 6]= 264 (0x108) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 264 (0x108) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.508853, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.508936, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.509063, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.509187, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 264 [2012/08/30 15:27:52.509309, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 1288, current_pdu_sent = 1024 returning 264 bytes. [2012/08/30 15:27:52.509456, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.509587, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.509844, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 264 bytes. 
There is more data outstanding [2012/08/30 15:27:52.510060, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=264 max=264 nread=264 [2012/08/30 15:27:52.520165, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:52.520374, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:52.520493, 3] smbd/process.c:1662(process_smb) Transaction 26 of length 132 (0 toread) [2012/08/30 15:27:52.520610, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.520674, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6720 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1288 (0x508) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17755 (0x455B) smb_bcc=61 [2012/08/30 15:27:52.522372, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 15 00 00 ........ ........ [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:52.522753, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.522872, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.522997, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:52.523134, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.523249, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.523365, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.523482, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455b) [2012/08/30 15:27:52.523647, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1288 [2012/08/30 15:27:52.523765, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:52.523896, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:52.524031, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:52.524184, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.524302, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.524419, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:52.524537, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:52.524655, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.524771, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:52.524887, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:52.525022, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.525151, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.526669, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.526793, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.527063, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.527187, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:52.527307, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:52.527431, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000015-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.528916, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.529116, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.529316, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 15 00 00 00 00 00 00 00 3F 50 B8 BE ........ ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.529509, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.529649, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.530142, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.530272, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:52.530404, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1288 [2012/08/30 15:27:52.530524, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.530776, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:52.532386, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.532573, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.532703, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.532844, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.532906, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6720 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.534270, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:52.534726, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:52.534851, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:52.534997, 3] smbd/process.c:1662(process_smb) Transaction 27 of length 106 (0 toread) [2012/08/30 15:27:52.535115, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.535175, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=6785 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) 
smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:52.537388, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... [2012/08/30 15:27:52.537584, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.537702, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.537842, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:52.537958, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:52.538140, 5] smbd/files.c:140(file_new) allocated file structure 13660, fnum = 17756 (2 used) [2012/08/30 15:27:52.538280, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:52.538403, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:52.538527, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 2 for pipe \spoolss [2012/08/30 15:27:52.538687, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:52.538808, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:52.539585, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:52.539741, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:52.539868, 3] smbd/process.c:1662(process_smb) Transaction 28 of length 45 (0 toread) [2012/08/30 15:27:52.539985, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.540046, 
5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6849 smt_wct=3 smb_vwv[ 0]=17755 (0x455B) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:52.541197, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.541267, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.541385, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.541503, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17755 (numopen=2) [2012/08/30 15:27:52.541621, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:52.541762, 5] smbd/files.c:482(file_free) freed files structure 17755 (1 used) [2012/08/30 15:27:52.541881, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.541944, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6849 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:52.542730, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.543297, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:52.543428, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:52.543618, 3] smbd/process.c:1662(process_smb) Transaction 29 of length 228 (0 toread) [2012/08/30 15:27:52.543738, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.543802, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6913 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17756 (0x455C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 
160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:52.545402, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.546229, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.546350, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.546469, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455c name: spoolss len: 160 [2012/08/30 15:27:52.546606, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:52.546724, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:52.546841, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:52.546970, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.547104, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.547221, 10]
rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.547337, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:52.547457, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.547612, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:52.547729, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:52.547847, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.547971, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) 
ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.551355, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:52.551523, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.551651, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 923 [2012/08/30 15:27:52.551768, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:52.551888, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:52.552018, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:52.553979, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:52.554108, 3] smbd/pipes.c:361(pipe_write_andx_done) 
writeX-IPC nwritten=160 [2012/08/30 15:27:52.555024, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.555166, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.555284, 3] smbd/process.c:1662(process_smb) Transaction 30 of length 63 (0 toread) [2012/08/30 15:27:52.555401, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.555466, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=6977 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17756 (0x455C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 (0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.557073, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.557140, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.557259, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.557382, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.557503, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:52.557635, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:52.557759, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. 
There is no more data outstanding [2012/08/30 15:27:52.557877, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:52.558662, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:52.558798, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:52.558916, 3] smbd/process.c:1662(process_smb) Transaction 31 of length 296 (0 toread) [2012/08/30 15:27:52.559033, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.559094, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7041 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=225 [2012/08/30 15:27:52.560816, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... 
[00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . [2012/08/30 15:27:52.561904, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.562022, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.562144, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:52.562264, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.562380, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.562496, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.562612, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.562746, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:52.562864, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:52.562981, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:52.563098, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:52.563215, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.563338, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.563455, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:52.563607, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 
[2012/08/30 15:27:52.563728, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.563844, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:52.563960, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:52.564230, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.564354, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 00 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... 
[2012/08/30 15:27:52.566621, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.566741, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:52.566875, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.566995, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:52.567114, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:52.567236, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000000 (0) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 0: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:52.569045, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:52.569167, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.569361, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:52.569557, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:52.569753, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:52 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:52.570001, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:52.570118, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.570312, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.570532, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.570657, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:52.573851, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:52.574037, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:52.574159, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.574281, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.574405, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.574523, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.574641, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.574758, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.574993, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:52.576464, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:52.576661, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.576809, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.576977, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:52.577120, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:52.577260, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:52.577416, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:52.577631, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:52.579616, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:52.579796, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:52.579941, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:52.580060, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:52.580189, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:52.580306, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:52.580480, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:52.580603, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:52.580752, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:52.580875, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.581002, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.581121, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.581244, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.581379, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.582144, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.582265, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.582387, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.582507, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.582637, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.582754, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.582901, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:52.583036, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.583158, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.583356, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.583901, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.585473, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.585696, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.585818, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.585940, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.586062, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.586182, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.586298, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.586450, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.586591, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.586713, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.586845, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.586963, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.587105, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.587221, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.587361, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.587550, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.587680, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.587802, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.587920, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.588038, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.588414, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.588551, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.588717, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.588838, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.588960, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.589099, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.589224, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.589341, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.589491, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.589613, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.589765, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.589884, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.590004, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.590120, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.590277, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.590398, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.590519, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.590638, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.590761, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.590878, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.591468, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.591657, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.591782, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.591905, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592025, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592146, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.592306, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592452, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.592589, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.592711, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.592834, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.592955, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.593074, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.593193, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.593331, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.593453, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.593652, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.594147, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:52.594279, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000022-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.594711, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.594925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 22 00 00 00 00 00 00 00 3F 50 B8 BE ...."... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.595130, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.595250, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.595388, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.596100, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000021-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.596567, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.596764, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 21 00 00 00 00 00 00 00 3F 50 B8 BE ....!... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.596975, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.597095, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.597213, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.597695, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.598174, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.598301, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:52.598434, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.598554, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:52.598680, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:52.600287, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:52.600410, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.600555, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:52.600675, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:52.600793, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.600855, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7041 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:52.602236, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 20 00 00 ........ ..... .. [0020] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:52.605310, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 140 [2012/08/30 15:27:52.605592, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x8c [2012/08/30 15:27:52.605725, 3] smbd/process.c:1662(process_smb) Transaction 32 of length 144 (0 toread) [2012/08/30 15:27:52.605844, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.605905, 5] lib/util.c:342(show_msg) size=140 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7105 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 56 (0x38) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 56 (0x38) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=73 [2012/08/30 15:27:52.607688, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 38 00 00 00 03 00 00 ........ .8...... [0020] 00 20 00 00 00 00 00 08 00 00 00 00 00 20 00 00 . ...... ..... .. [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 02 00 00 .....?P. ........ [0040] 00 00 00 00 00 00 00 00 00 ........ . 
[2012/08/30 15:27:52.608169, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.608307, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.608449, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=56 params=0 setup=2 [2012/08/30 15:27:52.608586, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.608705, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.608833, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.608959, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.609089, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:52.609208, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 56 [2012/08/30 15:27:52.609352, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 56 [2012/08/30 15:27:52.609486, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 56 [2012/08/30 15:27:52.609620, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 56, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.609754, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.609873, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 15:27:52.609991, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 40 [2012/08/30 15:27:52.610121, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.610246, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 40 [2012/08/30 
15:27:52.610365, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 40, incoming data = 40 [2012/08/30 15:27:52.610623, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.610752, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0038 (56) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000020 (32) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=32 [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 02 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [2012/08/30 15:27:52.612678, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.612823, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:52.612990, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.613132, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.613270, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.613395, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : NULL offered : 0x00000000 (0) [2012/08/30 15:27:52.614037, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.614270, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.614482, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.614644, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.614785, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.614904, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.615045, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.615196, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.616100, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.616224, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.616346, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.616463, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.616597, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.616716, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.616862, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.616996, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.617135, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.617332, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.617857, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.619529, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.619751, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.619887, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.620032, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.620152, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.620287, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.620428, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.620572, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.620708, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.620844, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.620967, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621086, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621206, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.621322, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621471, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.621640, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.621758, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.621895, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622028, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622162, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.622295, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622444, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.622578, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.622721, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.622872, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.622992, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.623112, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.623231, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.623376, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.623552, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.623702, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.623836, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.624103, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.624223, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.624363, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.624484, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.624622, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.624750, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.624874, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.625007, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.625146, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.625299, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.625435, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.625559, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.625693, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.625814, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.625946, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.626100, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.626252, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.626375, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.626510, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.626662, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.626803, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.626937, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.627071, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.627293, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.627562, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.628121, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.628915, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.629129, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.629285, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.629448, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.629572, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.629691, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.629813, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.629948, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.630086, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.630207, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.630345, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.630480, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.630602, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.630724, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.630853, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.630972, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.631219, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.631364, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.631598, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.631722, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.631858, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.631990, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.632146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.633732, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.635065, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.635279, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.635424, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.636990, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.638412, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.638641, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.638783, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.640497, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.641863, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.642062, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.642185, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.643564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.644947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.645160, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.645297, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.648971, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.650390, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.650613, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.650740, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.653853, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.655245, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.655449, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.655622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.657941, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.659348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.659585, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.659725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.661342, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.662708, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.662925, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.663063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x04 (4) [3] : 0x80 (128) [4] : 0x14 (20) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) [8] : 0x24 (36) [9] : 0x00 (0) [10] : 0x00 (0) [11] : 0x00 (0) [12] : 0x00 (0) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) [16] : 0x34 (52) [17] : 0x00 (0) [18] : 0x00 (0) [19] : 0x00 (0) [20] : 0x01 (1) [21] : 0x02 (2) [22] : 0x00 (0) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) [26] : 0x00 (0) [27] : 0x05 (5) [28] : 0x20 (32) [29] : 0x00 (0) [30] : 0x00 (0) [31] : 0x00 (0) [32] : 0x20 (32) [33] : 0x02 (2) [34] : 0x00 (0) [35] : 0x00 (0) [36] : 0x01 (1) [37] : 0x02 (2) [38] : 0x00 (0) [39] : 0x00 (0) [40] : 0x00 (0) [41] : 0x00 (0) [42] : 0x00 (0) [43] : 0x05 (5) [44] : 0x20 (32) [45] : 0x00 (0) [46] : 0x00 (0) [47] : 0x00 (0) [48] : 0x20 (32) [49] : 0x02 (2) [50] : 0x00 (0) [51] : 0x00 (0) [52] : 0x02 (2) [53] : 0x00 (0) [54] : 0xc4 (196) [55] : 0x00 (0) [56] : 0x07 (7) [57] : 0x00 (0) [58] : 0x00 (0) [59] : 0x00 (0) [60] : 0x00 (0) [61] : 0x02 (2) [62] : 0x14 (20) [63] : 0x00 (0) [64] : 0x08 (8) [65] : 0x00 (0) [66] : 0x02 (2) [67] : 0x20 (32) [68] : 0x01 (1) [69] : 0x01 (1) [70] : 0x00 (0) [71] : 0x00 (0) [72] : 0x00 (0) [73] : 0x00 (0) [74] : 0x00 (0) [75] : 0x01 (1) [76] : 0x00 (0) [77] : 0x00 (0) [78] : 0x00 (0) [79] : 0x00 (0) [80] : 0x00 (0) [81] : 0x09 (9) [82] : 0x24 (36) [83] : 0x00 (0) [84] : 0x0c (12) [85] : 0x00 (0) [86] : 0x0f (15) [87] : 0x10 (16) [88] : 0x01 (1) [89] : 0x05 (5) [90] : 0x00 (0) [91] : 
0x00 (0) [92] : 0x00 (0) [93] : 0x00 (0) [94] : 0x00 (0) [95] : 0x05 (5) [96] : 0x15 (21) [97] : 0x00 (0) [98] : 0x00 (0) [99] : 0x00 (0) [100] : 0x1b (27) [101] : 0xea (234) [102] : 0xaf (175) [103] : 0xc2 (194) [104] : 0xc0 (192) [105] : 0x3c (60) [106] : 0x7d (125) [107] : 0xdd (221) [108] : 0x2c (44) [109] : 0x8f (143) [110] : 0x72 (114) [111] : 0xd3 (211) [112] : 0x00 (0) [113] : 0x02 (2) [114] : 0x00 (0) [115] : 0x00 (0) [116] : 0x00 (0) [117] : 0x02 (2) [118] : 0x24 (36) [119] : 0x00 (0) [120] : 0x0c (12) [121] : 0x00 (0) [122] : 0x0f (15) [123] : 0x10 (16) [124] : 0x01 (1) [125] : 0x05 (5) [126] : 0x00 (0) [127] : 0x00 (0) [128] : 0x00 (0) [129] : 0x00 (0) [130] : 0x00 (0) [131] : 0x05 (5) [132] : 0x15 (21) [133] : 0x00 (0) [134] : 0x00 (0) [135] : 0x00 (0) [136] : 0x1b (27) [137] : 0xea (234) [138] : 0xaf (175) [139] : 0xc2 (194) [140] : 0xc0 (192) [141] : 0x3c (60) [142] : 0x7d (125) [143] : 0xdd (221) [144] : 0x2c (44) [145] : 0x8f (143) [146] : 0x72 (114) [147] : 0xd3 (211) [148] : 0x00 (0) [149] : 0x02 (2) [150] : 0x00 (0) [151] : 0x00 (0) [152] : 0x00 (0) [153] : 0x09 (9) [154] : 0x18 (24) [155] : 0x00 (0) [156] : 0x0c (12) [157] : 0x00 (0) [158] : 0x0f (15) [159] : 0x10 (16) [160] : 0x01 (1) [161] : 0x02 (2) [162] : 0x00 (0) [163] : 0x00 (0) [164] : 0x00 (0) [165] : 0x00 (0) [166] : 0x00 (0) [167] : 0x05 (5) [168] : 0x20 (32) [169] : 0x00 (0) [170] : 0x00 (0) [171] : 0x00 (0) [172] : 0x20 (32) [173] : 0x02 (2) [174] : 0x00 (0) [175] : 0x00 (0) [176] : 0x00 (0) [177] : 0x02 (2) [178] : 0x18 (24) [179] : 0x00 (0) [180] : 0x0c (12) [181] : 0x00 (0) [182] : 0x0f (15) [183] : 0x10 (16) [184] : 0x01 (1) [185] : 0x02 (2) [186] : 0x00 (0) [187] : 0x00 (0) [188] : 0x00 (0) [189] : 0x00 (0) [190] : 0x00 (0) [191] : 0x05 (5) [192] : 0x20 (32) [193] : 0x00 (0) [194] : 0x00 (0) [195] : 0x00 (0) [196] : 0x20 (32) [197] : 0x02 (2) [198] : 0x00 (0) [199] : 0x00 (0) [200] : 0x00 (0) [201] : 0x09 (9) [202] : 0x18 (24) [203] : 0x00 (0) [204] : 0x0c (12) [205] : 0x00 
(0) [206] : 0x0f (15) [207] : 0x10 (16) [208] : 0x01 (1) [209] : 0x02 (2) [210] : 0x00 (0) [211] : 0x00 (0) [212] : 0x00 (0) [213] : 0x00 (0) [214] : 0x00 (0) [215] : 0x05 (5) [216] : 0x20 (32) [217] : 0x00 (0) [218] : 0x00 (0) [219] : 0x00 (0) [220] : 0x26 (38) [221] : 0x02 (2) [222] : 0x00 (0) [223] : 0x00 (0) [224] : 0x00 (0) [225] : 0x02 (2) [226] : 0x18 (24) [227] : 0x00 (0) [228] : 0x0c (12) [229] : 0x00 (0) [230] : 0x0f (15) [231] : 0x10 (16) [232] : 0x01 (1) [233] : 0x02 (2) [234] : 0x00 (0) [235] : 0x00 (0) [236] : 0x00 (0) [237] : 0x00 (0) [238] : 0x00 (0) [239] : 0x05 (5) [240] : 0x20 (32) [241] : 0x00 (0) [242] : 0x00 (0) [243] : 0x00 (0) [244] : 0x26 (38) [245] : 0x02 (2) [246] : 0x00 (0) [247] : 0x00 (0) size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.680558, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.681950, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.682164, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.682290, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.684633, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.685995, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.686195, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.686316, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.687762, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.689216, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.689416, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.689541, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.690892, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.692493, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.692698, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.692852, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.696299, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.697772, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.697987, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.698117, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.700504, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.701879, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.702103, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.702244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.703472, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.705752, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.705969, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.706099, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.707374, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.709719, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.709976, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.710104, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.711427, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.713404, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.713614, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.713758, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.715128, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.716597, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.717661, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.717829, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.719259, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.720739, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.720943, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.721079, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.721203, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.721323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.722025, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.722853, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.722995, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.723119, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.723238, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.723359, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.723478, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.724508, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.724646, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.724771, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.725032, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.725590, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.727250, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.727469, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.727643, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.727783, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.727917, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.728038, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.728156, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.728329, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.728480, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.728615, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.728773, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729029, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729151, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.729270, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729432, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.729582, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.729726, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.729850, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.729977, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.730102, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.730236, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.730386, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.730520, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.730642, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.730780, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.730900, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.731037, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.731156, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.731301, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.731439, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.731597, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.731732, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.731853, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.731980, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.732128, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.732426, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.732550, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.732692, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.732813, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.733058, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.733216, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.733419, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.733544, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.733670, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.733800, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.733922, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.734042, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.734202, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.734375, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.734517, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.734642, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.734780, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.734916, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.735051, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.735172, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.735295, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.735564, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.736148, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.737458, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.737683, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.737805, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.737937, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.738078, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.738229, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.738370, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.738486, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.738704, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.738842, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.738965, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.739101, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.739223, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.739359, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.739481, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.739626, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.739748, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.739870, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.740006, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.740161, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.740283, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.740444, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.740580, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.740725, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.741499, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.742830, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.743029, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.743151, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.743291, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.760598, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000026-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.761074, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.761273, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 26 00 00 00 00 00 00 00 3F 50 B8 BE ....&... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.761472, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.761610, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.761736, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.762262, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000025-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.762706, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.762925, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 25 00 00 00 00 00 00 00 3F 50 B8 BE ....%... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.763123, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.763247, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.763385, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.763964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000024-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.764432, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.764633, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 24 00 00 00 00 00 00 00 3F 50 B8 BE ....$... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.764844, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.764986, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.765146, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.765654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000023-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.766087, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.766286, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 23 00 00 00 00 00 00 00 3F 50 B8 BE ....#... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.766496, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.766630, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.766764, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.767348, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : NULL needed : * needed : 0x00000308 (776) result : WERR_INSUFFICIENT_BUFFER [2012/08/30 15:27:52.767997, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.768136, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 40 [2012/08/30 15:27:52.768281, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.768417, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 12. [2012/08/30 15:27:52.768543, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0024 (36) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x0000000c (12) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=12 [0000] 00 00 00 00 08 03 00 00 7A 00 00 00 ........ z... 
[2012/08/30 15:27:52.769927, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.770056, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.770221, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 36 bytes. There is no more data outstanding [2012/08/30 15:27:52.770341, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..36] (align 0) [2012/08/30 15:27:52.770477, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.770541, 5] lib/util.c:342(show_msg) size=92 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7105 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 36 (0x24) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 36 (0x24) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=37 [2012/08/30 15:27:52.772061, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 24 00 00 00 03 00 00 ........ .$...... [0010] 00 0C 00 00 00 00 00 00 00 00 00 00 00 08 03 00 ........ ........ [0020] 00 7A 00 00 00 .z... 
[2012/08/30 15:27:52.774980, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 1392 [2012/08/30 15:27:52.775193, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x570 [2012/08/30 15:27:52.775316, 3] smbd/process.c:1662(process_smb) Transaction 33 of length 1396 (0 toread) [2012/08/30 15:27:52.775436, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.775558, 5] lib/util.c:342(show_msg) size=1392 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7169 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1308 (0x51C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 1308 (0x51C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=1325 [2012/08/30 15:27:52.777333, 10] ../lib/util/util.c:415(dump_data) 
[2012/08/30 15:27:52.780139, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.780425, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.780560, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=1308 params=0 setup=2 [2012/08/30 15:27:52.780686, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.780849, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.780971, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.781107, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.781245, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1024 [2012/08/30 15:27:52.781384, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 1308 [2012/08/30 15:27:52.781546, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1308 [2012/08/30 15:27:52.781668, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 1308 [2012/08/30 15:27:52.781805, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 1308, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.781940, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.782062, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 [2012/08/30 15:27:52.782182, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 1292 [2012/08/30 15:27:52.782303, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.782439, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 1292 
[2012/08/30 15:27:52.782574, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 1292, incoming data = 1292 [2012/08/30 15:27:52.782711, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.782839, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x051c (1308) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000504 (1284) context_id : 0x0000 (0) opnum : 0x0008 (8) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1284 
[2012/08/30 15:27:52.791104, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:52.791247, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. [2012/08/30 15:27:52.791542, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:52.791682, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x8 - api_rpcTNP: rpc command: SPOOLSS_GETPRINTER [2012/08/30 15:27:52.791819, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[8].fn == 0x7fd50aed3850 [2012/08/30 15:27:52.791949, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter in: struct spoolss_GetPrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 level : 0x00000002 (2) buffer : * buffer : DATA_BLOB length=1248 offered : 0x000004e0 (1248) [2012/08/30 15:27:52.799928, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.800164, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.800375, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:52.800524, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:52.800666, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:52.800800, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:52.800928, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:52.801069, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.801904, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.802039, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:52.802175, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.802320, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.802456, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.802574, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.802738, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 15:27:52.802874, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f 
[2012/08/30 15:27:52.803006, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.803210, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.803761, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.805569, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.805790, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.805911, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:52.806049, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.806182, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.806303, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.806422, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.806569, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.806722, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.806857, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.806995, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807114, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807249, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.807385, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807560, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.807719, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.807855, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:52.808021, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808138, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808275, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.808394, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808531, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.808666, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.808802, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.808925, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.809044, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.809185, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.809305, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.809466, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.809601, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:52.809723, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.809857, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.809978, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.810111, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.810382, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.810509, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.810650, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.810771, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.810893, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.811019, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.811175, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.811327, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.811449, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.811767, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.811902, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.812040, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.812184, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.812353, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.812512, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.812653, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.812791, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.814654, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.814813, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.814936, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.815074, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.815198, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.815414, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.816155, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey in: struct winreg_QueryInfoKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL [2012/08/30 15:27:52.816920, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.817125, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.817259, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.817405, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.817543, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.817665, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.817787, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.817906, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 
15:27:52.818042, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.818178, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.818315, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.818437, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.818558, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.818694, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.818816, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.818952, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.819074, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.819209, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.819329, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: name[Separator File] len[2] [2012/08/30 15:27:52.819464, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.819648, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.819771, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.826429, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryInfoKey: struct winreg_QueryInfoKey out: struct winreg_QueryInfoKey classname : * classname: struct winreg_String name_len : 0x0000 (0) name_size : 0x0000 (0) name : NULL num_subkeys : * num_subkeys : 0x00000003 (3) max_subkeylen : * max_subkeylen : 0x00000022 (34) max_classlen : * max_classlen : 0x00000000 (0) num_values : * num_values : 0x00000012 (18) max_valnamelen : * max_valnamelen : 0x00000022 (34) max_valbufsize : * max_valbufsize : 0x000000f8 (248) secdescsize : * secdescsize : 0x00000078 (120) last_changed_time : * last_changed_time : NTTIME(0) result : WERR_OK [2012/08/30 15:27:52.828244, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000000 (0) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.829843, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.830065, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.830209, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Attributes' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x48 (72) [1] : 0x10 (16) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.831704, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000001 (1) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.833147, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.833370, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.833511, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Datatype' type : * type : REG_SZ (1) value : * value: ARRAY(8) [0] : 0x52 (82) [1] : 0x00 (0) [2] : 0x41 (65) [3] : 0x00 (0) [4] : 0x57 (87) [5] : 0x00 (0) [6] : 0x00 (0) [7] : 0x00 (0) size : * size : 0x00000008 (8) length : * length : 0x00000008 (8) result : WERR_OK [2012/08/30 15:27:52.835568, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000002 (2) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.836981, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.837180, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.837354, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0022 (34) size : 0x0024 (36) name : * name : 'Default Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.838767, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000003 (3) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.840379, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.840590, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.840722, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Port' type : * type : REG_SZ (1) value : * value: ARRAY(38) [0] : 0x53 (83) [1] : 0x00 (0) [2] : 0x61 (97) [3] : 0x00 (0) [4] : 0x6d (109) [5] : 0x00 (0) [6] : 0x62 (98) [7] : 0x00 (0) [8] : 0x61 (97) [9] : 0x00 (0) [10] : 0x20 (32) [11] : 0x00 (0) [12] : 0x50 (80) [13] : 0x00 (0) [14] : 0x72 (114) [15] : 0x00 (0) [16] : 0x69 (105) [17] : 0x00 (0) [18] : 0x6e (110) [19] : 0x00 (0) [20] : 0x74 (116) [21] : 0x00 (0) [22] : 0x65 (101) [23] : 0x00 (0) [24] : 0x72 (114) [25] : 0x00 (0) [26] : 0x20 (32) [27] : 0x00 (0) [28] : 0x50 (80) [29] : 0x00 (0) [30] : 0x6f (111) [31] : 0x00 (0) [32] : 0x72 (114) [33] : 0x00 (0) [34] : 0x74 (116) [35] : 0x00 (0) [36] : 0x00 (0) [37] : 0x00 (0) size : * size : 0x00000026 (38) length : * length : 0x00000026 (38) result : WERR_OK [2012/08/30 15:27:52.844422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000004 (4) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.845860, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.846078, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.846219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000a (10) size : 0x0024 (36) name : * name : 'Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.848331, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000005 (5) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.849618, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.849853, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.849977, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0020 (32) size : 0x0024 (36) name : * name : 'Print Processor' type : * type : REG_SZ (1) value : * value: ARRAY(18) [0] : 0x77 (119) [1] : 0x00 (0) [2] : 0x69 (105) [3] : 0x00 (0) [4] : 0x6e (110) [5] : 0x00 (0) [6] : 0x70 (112) [7] : 0x00 (0) [8] : 0x72 (114) [9] : 0x00 (0) [10] : 0x69 (105) [11] : 0x00 (0) [12] : 0x6e (110) [13] : 0x00 (0) [14] : 0x74 (116) [15] : 0x00 (0) [16] : 0x00 (0) [17] : 0x00 (0) size : * size : 0x00000012 (18) length : * length : 0x00000012 (18) result : WERR_OK [2012/08/30 15:27:52.852266, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000006 (6) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.853576, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.853770, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.853890, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Priority' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x01 (1) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.855426, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000007 (7) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.856784, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.856982, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.857103, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Security' type : * type : REG_BINARY (3) value : * value: ARRAY(248)
size : * size : 0x000000f8 (248) length : * length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.873534, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000008 (8) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.875348, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 ....
[2012/08/30 15:27:52.876533, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.876662, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Share Name' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.878769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000009 (9) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.880076, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.880274, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.880438, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'StartTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.881769, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000a (10) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.883045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.883240, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.883361, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0014 (20) size : 0x0024 (36) name : * name : 'UntilTime' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.884768, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000b (11) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.886129, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.886329, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.886458, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0018 (24) size : 0x0024 (36) name : * name : 'Description' type : * type : REG_SZ (1) value : * value: ARRAY(26) [0] : 0x63 (99) [1] : 0x00 (0) [2] : 0x75 (117) [3] : 0x00 (0) [4] : 0x70 (112) [5] : 0x00 (0) [6] : 0x73 (115) [7] : 0x00 (0) [8] : 0x20 (32) [9] : 0x00 (0) [10] : 0x70 (112) [11] : 0x00 (0) [12] : 0x72 (114) [13] : 0x00 (0) [14] : 0x69 (105) [15] : 0x00 (0) [16] : 0x6e (110) [17] : 0x00 (0) [18] : 0x74 (116) [19] : 0x00 (0) [20] : 0x65 (101) [21] : 0x00 (0) [22] : 0x72 (114) [23] : 0x00 (0) [24] : 0x00 (0) [25] : 0x00 (0) size : * size : 0x0000001a (26) length : * length : 0x0000001a (26) result : WERR_OK [2012/08/30 15:27:52.889346, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000c (12) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.890649, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.890845, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.890967, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Printer Driver' type : * type : REG_SZ (1) value : * value: ARRAY(16) [0] : 0x48 (72) [1] : 0x00 (0) [2] : 0x50 (80) [3] : 0x00 (0) [4] : 0x5f (95) [5] : 0x00 (0) [6] : 0x34 (52) [7] : 0x00 (0) [8] : 0x35 (53) [9] : 0x00 (0) [10] : 0x31 (49) [11] : 0x00 (0) [12] : 0x35 (53) [13] : 0x00 (0) [14] : 0x00 (0) [15] : 0x00 (0) size : * size : 0x00000010 (16) length : * length : 0x00000010 (16) result : WERR_OK [2012/08/30 15:27:52.893077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000d (13) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.894717, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.894936, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.895063, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'Location' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.896321, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000e (14) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.897662, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.897870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.897997, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0016 (22) size : 0x0024 (36) name : * name : 'Parameters' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.899219, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x0000000f (15) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.900757, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.900955, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.901077, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x001e (30) size : 0x0024 (36) name : * name : 'Separator File' type : * type : REG_SZ (1) value : * value: ARRAY(2) [0] : 0x00 (0) [1] : 0x00 (0) size : * size : 0x00000002 (2) length : * length : 0x00000002 (2) result : WERR_OK [2012/08/30 15:27:52.902323, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000010 (16) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.903671, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.903870, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.904029, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x000e (14) size : 0x0024 (36) name : * name : 'Status' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x00 (0) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.905339, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue in: struct winreg_EnumValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 enum_index : 0x00000011 (17) name : * name: struct winreg_ValNameBuf length : 0x0002 (2) size : 0x0024 (36) name : * name : '' type : * type : REG_NONE (0) value : * value: ARRAY(0) size : * size : 0x000000f8 (248) length : * length : 0x00000000 (0) [2012/08/30 15:27:52.906651, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.906862, 8] rpc_server/winreg/srv_winreg_nt.c:450(_winreg_EnumValue) _winreg_EnumValue: enumerating values for key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.906983, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_EnumValue: struct winreg_EnumValue out: struct winreg_EnumValue name : * name: struct winreg_ValNameBuf length : 0x0012 (18) size : 0x0024 (36) name : * name : 'ChangeID' type : * type : REG_DWORD (4) value : * value: ARRAY(4) [0] : 0x09 (9) [1] : 0x7d (125) [2] : 0x00 (0) [3] : 0x00 (0) size : * size : 0x00000004 (4) length : * length : 0x00000004 (4) result : WERR_OK [2012/08/30 15:27:52.908418, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0020 (32) name_size : 0x0020 (32) name : * name : 'Default DevMode' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.909679, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.909879, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.910001, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.910122, 10] rpc_server/winreg/srv_winreg_nt.c:315(_winreg_QueryValue) _winreg_QueryValue: reg_queryvalue failed with: WERR_BADFILE [2012/08/30 15:27:52.910338, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) result : WERR_BADFILE [2012/08/30 15:27:52.911039, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.912021, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:52.912146, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:52.912268, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:52.912385, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:52.912519, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.912635, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:52.912781, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] [2012/08/30 
15:27:52.912919, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.913042, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[3] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.913240, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.913747, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-3f50-b8beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:52.915741, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.915993, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:52.916132, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) [2012/08/30 15:27:52.916277, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:52.916394, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:52.916515, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.916631, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:52.916778, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:52.916979, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:52.917099, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:52.917220, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917341, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917461, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.917578, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917718, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:52.917853, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:52.917971, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) 
[2012/08/30 15:27:52.918095, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918211, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918329, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.918446, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918598, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:52.918732, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:52.918852, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:52.918976, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.919092, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.919210, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.919343, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:52.919487, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:52.919637, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:52.919785, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.919903, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.920050, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.920167, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:52.920310, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:52.920433, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (10->11) [2012/08/30 15:27:52.920554, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.920671, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.920789, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.920907, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.921044, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:52.921180, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:52.921301, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (11->12) [2012/08/30 15:27:52.921422, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.921539, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.921660, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:52.921775, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.921913, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.922066, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:52.922187, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (12->11) [2012/08/30 15:27:52.922305, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (11->10) [2012/08/30 15:27:52.922434, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:52.922558, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:52.922677, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:52.922794, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:52.922916, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[4] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.923111, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 result : WERR_OK [2012/08/30 15:27:52.923805, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_NONE (0) data : NULL data_size : * data_size : 0x00000000 (0) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.925048, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.925247, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.925385, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.925504, 10] registry/reg_dispatcher.c:150(fetch_reg_values) fetch_reg_values called for key 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' (ops 0x7fd50b775f80) [2012/08/30 15:27:52.925625, 10] registry/reg_backend_db.c:1789(regdb_fetch_values_internal) regdb_fetch_values: Looking for values of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.925782, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[0]: name[Attributes] len[4] [2012/08/30 15:27:52.925903, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) 
regdb_unpack_values: value[1]: name[Datatype] len[8] [2012/08/30 15:27:52.926023, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[2]: name[Default Priority] len[4] [2012/08/30 15:27:52.926145, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[3]: name[Port] len[38] [2012/08/30 15:27:52.926265, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[4]: name[Name] len[16] [2012/08/30 15:27:52.926385, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[5]: name[Print Processor] len[18] [2012/08/30 15:27:52.926505, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[6]: name[Priority] len[4] [2012/08/30 15:27:52.926630, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[7]: name[Security] len[248] [2012/08/30 15:27:52.926878, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[8]: name[Share Name] len[16] [2012/08/30 15:27:52.927003, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[9]: name[StartTime] len[4] [2012/08/30 15:27:52.927123, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[10]: name[UntilTime] len[4] [2012/08/30 15:27:52.927243, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[11]: name[Description] len[26] [2012/08/30 15:27:52.927365, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[12]: name[Printer Driver] len[16] [2012/08/30 15:27:52.927484, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[13]: name[Location] len[2] [2012/08/30 15:27:52.928445, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[14]: name[Parameters] len[2] [2012/08/30 15:27:52.928568, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[15]: 
name[Separator File] len[2] [2012/08/30 15:27:52.928688, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[16]: name[Status] len[4] [2012/08/30 15:27:52.928807, 10] registry/reg_backend_db.c:1734(regdb_unpack_values) regdb_unpack_values: value[17]: name[ChangeID] len[4] [2012/08/30 15:27:52.928933, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : NULL data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) result : WERR_OK [2012/08/30 15:27:52.929719, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue in: struct winreg_QueryValue handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 value_name : * value_name: struct winreg_String name_len : 0x0012 (18) name_size : 0x0012 (18) name : * name : 'Security' type : * type : REG_BINARY (3) data : * data: ARRAY(0) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x00000000 (0) [2012/08/30 15:27:52.930970, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.931170, 7] rpc_server/winreg/srv_winreg_nt.c:262(_winreg_QueryValue) _winreg_QueryValue: policy key name = [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:52.931295, 7] rpc_server/winreg/srv_winreg_nt.c:263(_winreg_QueryValue) _winreg_QueryValue: policy key type = [00000000] [2012/08/30 15:27:52.931422, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_QueryValue: struct winreg_QueryValue out: struct winreg_QueryValue type : * type : REG_BINARY (3) data : * data: ARRAY(248) data_size : * data_size : 0x000000f8 (248) data_length : * data_length : 0x000000f8 (248) result : WERR_OK [2012/08/30 15:27:52.947832, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002a-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.948409, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.948643, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2A 00 00 00 00 00 00 00 3F 50 B8 BE ....*... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.948837, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.948963, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:52.949082, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.949602, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000029-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.950045, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.950260, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 29 00 00 00 00 00 00 00 3F 50 B8 BE ....)... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.950464, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.950589, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:52.950708, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.951215, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000028-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.951704, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.951906, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 28 00 00 00 00 00 00 00 3F 50 B8 BE ....(... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.952139, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.952262, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:52.952380, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.952887, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000027-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:52.953320, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:52.953526, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 27 00 00 00 00 00 00 00 3F 50 B8 BE ....'... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:52.953726, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:52.953845, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:52.953964, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:52.954550, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_GetPrinter: struct spoolss_GetPrinter out: struct spoolss_GetPrinter info : * info : union spoolss_PrinterInfo(case 2) info2: struct spoolss_PrinterInfo2 servername : * servername : '\\orange' printername : * printername : '\\orange\HP_4515' sharename : * sharename : 'HP_4515' portname : * portname : 'Samba Printer Port' drivername : * drivername : 'HP_4515' comment : * comment : 'cups printer' location : * location : '' devmode : * devmode: struct spoolss_DeviceMode devicename : '\\orange\HP_4515' specversion : DMSPEC_NT4_AND_ABOVE (1025) driverversion : 0x0400 (1024) size : 0x00dc (220) __driverextra_length : 0x0000 (0) fields : 0x00014713 (83731) 1: DEVMODE_ORIENTATION 1: DEVMODE_PAPERSIZE 0: DEVMODE_PAPERLENGTH 0: DEVMODE_PAPERWIDTH 1: DEVMODE_SCALE 0: DEVMODE_POSITION 0: DEVMODE_NUP 1: DEVMODE_COPIES 1: DEVMODE_DEFAULTSOURCE 1: DEVMODE_PRINTQUALITY 0: DEVMODE_COLOR 0: DEVMODE_DUPLEX 0: DEVMODE_YRESOLUTION 1: DEVMODE_TTOPTION 0: DEVMODE_COLLATE 1: DEVMODE_FORMNAME 0: DEVMODE_LOGPIXELS 0: DEVMODE_BITSPERPEL 0: DEVMODE_PELSWIDTH 0: DEVMODE_PELSHEIGHT 0: DEVMODE_DISPLAYFLAGS 0: DEVMODE_DISPLAYFREQUENCY 0: DEVMODE_ICMMETHOD 0: DEVMODE_ICMINTENT 0: DEVMODE_MEDIATYPE 0: DEVMODE_DITHERTYPE 0: DEVMODE_PANNINGWIDTH 0: DEVMODE_PANNINGHEIGHT orientation : DMORIENT_PORTRAIT (1) papersize : DMPAPER_LETTER (1) paperlength : 0x0000 (0) paperwidth : 0x0000 (0) scale : 0x0064 (100) copies : 0x0001 (1) 
defaultsource : DMBIN_FORMSOURCE (15) printquality : DMRES_HIGH (65532) color : DMRES_MONOCHROME (1) duplex : DMDUP_SIMPLEX (1) yresolution : 0x0000 (0) ttoption : DMTT_SUBDEV (3) collate : DMCOLLATE_FALSE (0) formname : 'Letter' logpixels : 0x0000 (0) bitsperpel : 0x00000000 (0) pelswidth : 0x00000000 (0) pelsheight : 0x00000000 (0) displayflags : UNKNOWN_ENUM_VALUE (0) displayfrequency : 0x00000000 (0) icmmethod : UNKNOWN_ENUM_VALUE (0) icmintent : UNKNOWN_ENUM_VALUE (0) mediatype : UNKNOWN_ENUM_VALUE (0) dithertype : UNKNOWN_ENUM_VALUE (0) reserved1 : 0x00000000 (0) reserved2 : 0x00000000 (0) panningwidth : 0x00000000 (0) panningheight : 0x00000000 (0) driverextra_data : DATA_BLOB length=0 sepfile : * sepfile : '' printprocessor : * printprocessor : 'winprint' datatype : * datatype : 'RAW' parameters : * parameters : '' secdesc : * secdesc: struct security_descriptor revision : SECURITY_DESCRIPTOR_REVISION_1 (1) type : 0x8004 (32772) 0: SEC_DESC_OWNER_DEFAULTED 0: SEC_DESC_GROUP_DEFAULTED 1: SEC_DESC_DACL_PRESENT 0: SEC_DESC_DACL_DEFAULTED 0: SEC_DESC_SACL_PRESENT 0: SEC_DESC_SACL_DEFAULTED 0: SEC_DESC_DACL_TRUSTED 0: SEC_DESC_SERVER_SECURITY 0: SEC_DESC_DACL_AUTO_INHERIT_REQ 0: SEC_DESC_SACL_AUTO_INHERIT_REQ 0: SEC_DESC_DACL_AUTO_INHERITED 0: SEC_DESC_SACL_AUTO_INHERITED 0: SEC_DESC_DACL_PROTECTED 0: SEC_DESC_SACL_PROTECTED 0: SEC_DESC_RM_CONTROL_VALID 1: SEC_DESC_SELF_RELATIVE owner_sid : * owner_sid : S-1-5-32-544 group_sid : * group_sid : S-1-5-32-544 sacl : NULL dacl : * dacl: struct security_acl revision : SECURITY_ACL_REVISION_NT4 (2) size : 0x00c4 (196) num_aces : 0x00000007 (7) aces: ARRAY(7) aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0014 (20) 
access_mask : 0x20020008 (537001992) object : union security_ace_object_ctr(case 0) trustee : S-1-1-0 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0024 (36) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-21-3266308635-3715972288-3547500332-512 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union 
security_ace_object_ctr(case 0) trustee : S-1-5-32-544 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x09 (9) 1: SEC_ACE_FLAG_OBJECT_INHERIT 0: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 1: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x09: SEC_ACE_FLAG_VALID_INHERIT (9) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 aces: struct security_ace type : SEC_ACE_TYPE_ACCESS_ALLOWED (0) flags : 0x02 (2) 0: SEC_ACE_FLAG_OBJECT_INHERIT 1: SEC_ACE_FLAG_CONTAINER_INHERIT 0: SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0: SEC_ACE_FLAG_INHERIT_ONLY 0: SEC_ACE_FLAG_INHERITED_ACE 0x02: SEC_ACE_FLAG_VALID_INHERIT (2) 0: SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0: SEC_ACE_FLAG_FAILED_ACCESS size : 0x0018 (24) access_mask : 0x100f000c (269418508) object : union security_ace_object_ctr(case 0) trustee : S-1-5-32-550 attributes : 0x00001048 (4168) 0: PRINTER_ATTRIBUTE_QUEUED 0: PRINTER_ATTRIBUTE_DIRECT 0: PRINTER_ATTRIBUTE_DEFAULT 1: PRINTER_ATTRIBUTE_SHARED 0: PRINTER_ATTRIBUTE_NETWORK 0: PRINTER_ATTRIBUTE_HIDDEN 1: PRINTER_ATTRIBUTE_LOCAL 0: PRINTER_ATTRIBUTE_ENABLE_DEVQ 0: PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0: PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0: PRINTER_ATTRIBUTE_WORK_OFFLINE 0: PRINTER_ATTRIBUTE_ENABLE_BIDI 1: PRINTER_ATTRIBUTE_RAW_ONLY 0: PRINTER_ATTRIBUTE_PUBLISHED 0: PRINTER_ATTRIBUTE_FAX 0: PRINTER_ATTRIBUTE_TS priority : 0x00000001 (1) defaultpriority : 0x00000001 (1) starttime : 0x00000000 (0) untiltime : 0x00000000 (0) status : 0x00000000 (0) 0: PRINTER_STATUS_PAUSED 0: PRINTER_STATUS_ERROR 0: PRINTER_STATUS_PENDING_DELETION 0: PRINTER_STATUS_PAPER_JAM 0: PRINTER_STATUS_PAPER_OUT 0: PRINTER_STATUS_MANUAL_FEED 0: PRINTER_STATUS_PAPER_PROBLEM 0: PRINTER_STATUS_OFFLINE 0: PRINTER_STATUS_IO_ACTIVE 0: PRINTER_STATUS_BUSY 0: PRINTER_STATUS_PRINTING 0: PRINTER_STATUS_OUTPUT_BIN_FULL 0: 
PRINTER_STATUS_NOT_AVAILABLE 0: PRINTER_STATUS_WAITING 0: PRINTER_STATUS_PROCESSING 0: PRINTER_STATUS_INITIALIZING 0: PRINTER_STATUS_WARMING_UP 0: PRINTER_STATUS_TONER_LOW 0: PRINTER_STATUS_NO_TONER 0: PRINTER_STATUS_PAGE_PUNT 0: PRINTER_STATUS_USER_INTERVENTION 0: PRINTER_STATUS_OUT_OF_MEMORY 0: PRINTER_STATUS_DOOR_OPEN 0: PRINTER_STATUS_SERVER_UNKNOWN 0: PRINTER_STATUS_POWER_SAVE cjobs : 0x00000000 (0) averageppm : 0x00000000 (0) needed : * needed : 0x00000308 (776) result : WERR_OK [2012/08/30 15:27:52.972656, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:52.972795, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 1292 [2012/08/30 15:27:52.972956, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:52.973183, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 1264. [2012/08/30 15:27:52.973310, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0508 (1288) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000004f0 (1264) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=1264 
[2012/08/30 15:27:52.981784, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 1024 bytes. 
There is more data outstanding [2012/08/30 15:27:52.981915, 5] smbd/ipc.c:103(send_trans_reply) send_trans_reply: buffer 1024 too large [2012/08/30 15:27:52.982036, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..1024] (align 0) [2012/08/30 15:27:52.982188, 3] smbd/error.c:81(error_packet_set) error packet at smbd/ipc.c(137) cmd=37 (SMBtrans) STATUS_BUFFER_OVERFLOW [2012/08/30 15:27:52.982308, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.982370, 5] lib/util.c:342(show_msg) size=1080 smb_com=0x25 smb_rcls=5 smb_reh=0 smb_err=32768 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7169 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 1024 (0x400) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=1025 [2012/08/30 15:27:52.983770, 10] ../lib/util/util.c:415(dump_data) 
[2012/08/30 15:27:52.987275, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:52.987521, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:52.987669, 3] smbd/process.c:1662(process_smb) Transaction 34 of length 63 (0 toread) [2012/08/30 15:27:52.987790, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.987852, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7233 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17756 (0x455C) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 264 (0x108) smb_vwv[ 6]= 264 (0x108) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 264 (0x108) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:52.989647, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:52.989713, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.989851, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.989974, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 264 [2012/08/30 15:27:52.990095, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 1288, current_pdu_sent = 1024 returning 264 bytes. [2012/08/30 15:27:52.990218, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 4526 [2012/08/30 15:27:52.990350, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:52.990667, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 264 bytes. 
There is more data outstanding [2012/08/30 15:27:52.990956, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=264 max=264 nread=264 [2012/08/30 15:27:52.991691, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 128 [2012/08/30 15:27:52.991866, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x80 [2012/08/30 15:27:52.992024, 3] smbd/process.c:1662(process_smb) Transaction 35 of length 132 (0 toread) [2012/08/30 15:27:52.992154, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:52.992222, 5] lib/util.c:342(show_msg) size=128 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7297 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 44 (0x2C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1288 (0x508) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 44 (0x2C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0x26) smb_vwv[15]=17756 (0x455C) smb_bcc=61 [2012/08/30 15:27:52.994990, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 2C 00 00 00 05 00 00 ........ .,...... [0020] 00 14 00 00 00 00 00 1D 00 00 00 00 00 20 00 00 ........ ..... .. [0030] 00 00 00 00 00 3F 50 B8 BE EE 0B 00 00 .....?P. ..... 
[2012/08/30 15:27:52.995364, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:52.995488, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:52.996590, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=44 params=0 setup=2 [2012/08/30 15:27:52.996713, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:52.996831, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:52.996948, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:52.997067, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455c) [2012/08/30 15:27:52.997186, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c026d50 max_trans_reply: 1288 [2012/08/30 15:27:52.997307, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 44 [2012/08/30 15:27:52.997426, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 44 [2012/08/30 15:27:52.997544, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 44 [2012/08/30 15:27:52.997662, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 44, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:52.997791, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:52.997909, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 15:27:52.998026, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 28 [2012/08/30 15:27:52.998146, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:52.999075, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 28 [2012/08/30 
15:27:52.999201, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 28, incoming data = 28 [2012/08/30 15:27:52.999322, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:52.999447, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x002c (44) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x001d (29) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=20 [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.007793, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.010742, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:53.010895, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.011039, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x1d - api_rpcTNP: rpc command: SPOOLSS_CLOSEPRINTER [2012/08/30 15:27:53.011177, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[29].fn == 0x7fd50aed00b0 [2012/08/30 15:27:53.011315, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter in: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000020-0000-0000-3f50-b8beee0b0000 [2012/08/30 15:27:53.011754, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.012001, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.012418, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 20 00 00 00 00 00 00 00 3F 50 B8 BE .... ... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.012616, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.012779, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_ClosePrinter: struct spoolss_ClosePrinter out: struct spoolss_ClosePrinter handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.013256, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.013398, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 28 [2012/08/30 15:27:53.013535, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1288 [2012/08/30 15:27:53.013656, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:53.013781, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000005 (5) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ [2012/08/30 15:27:53.015362, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:53.015496, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. 
There is no more data outstanding [2012/08/30 15:27:53.015618, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:53.015748, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.015811, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7297 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:53.017261, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 05 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0020] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0030] 00 . [2012/08/30 15:27:53.018646, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 41 [2012/08/30 15:27:53.018827, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x29 [2012/08/30 15:27:53.018951, 3] smbd/process.c:1662(process_smb) Transaction 36 of length 45 (0 toread) [2012/08/30 15:27:53.019228, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.019292, 5] lib/util.c:342(show_msg) size=41 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7361 smt_wct=3 smb_vwv[ 0]=17756 (0x455C) smb_vwv[ 1]=65535 (0xFFFF) smb_vwv[ 2]=65535 (0xFFFF) smb_bcc=0 [2012/08/30 15:27:53.020594, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.020673, 3] smbd/process.c:1467(switch_message) switch message SMBclose (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.020800, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.020925, 3] smbd/reply.c:4848(reply_close) close fd=-1 fnum=17756 (numopen=1) 
[2012/08/30 15:27:53.021047, 6] smbd/close.c:532(set_close_write_time) close_write_time: Sun Feb 7 01:28:15 2106 [2012/08/30 15:27:53.021227, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \spoolss [2012/08/30 15:27:53.021355, 5] smbd/files.c:482(file_free) freed files structure 17756 (0 used) [2012/08/30 15:27:53.021476, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.021538, 5] lib/util.c:342(show_msg) size=35 smb_com=0x4 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7361 smt_wct=0 smb_bcc=0 [2012/08/30 15:27:53.022316, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.054530, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 102 [2012/08/30 15:27:53.054740, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x66 [2012/08/30 15:27:53.054863, 3] smbd/process.c:1662(process_smb) Transaction 37 of length 106 (0 toread) [2012/08/30 15:27:53.054981, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.055074, 5] lib/util.c:342(show_msg) size=102 smb_com=0xa2 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7425 smt_wct=24 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]= 4096 (0x1000) smb_vwv[ 3]= 4096 (0x1000) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]=40704 (0x9F00) smb_vwv[ 8]= 4609 (0x1201) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_vwv[14]= 0 (0x0) smb_vwv[15]= 1792 (0x700) smb_vwv[16]= 0 (0x0) smb_vwv[17]= 256 (0x100) smb_vwv[18]= 0 (0x0) smb_vwv[19]=16384 (0x4000) smb_vwv[20]=16384 (0x4000) smb_vwv[21]= 512 (0x200) smb_vwv[22]= 0 (0x0) smb_vwv[23]= 768 (0x300) smb_bcc=19 [2012/08/30 15:27:53.057458, 10] ../lib/util/util.c:415(dump_data) [0000] FF 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00 73 .\.s.p.o .o.l.s.s [0010] 00 00 00 ... 
[2012/08/30 15:27:53.057657, 3] smbd/process.c:1467(switch_message) switch message SMBntcreateX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.057794, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.057920, 10] smbd/nttrans.c:500(reply_ntcreate_and_X) reply_ntcreate_and_X: flags = 0x10, access_mask = 0x12019f file_attributes = 0x0, share_access = 0x7, create_disposition = 0x1 create_options = 0x400040 root_dir_fid = 0x0, fname = spoolss [2012/08/30 15:27:53.058042, 4] smbd/nttrans.c:288(nt_open_pipe) nt_open_pipe: Opening pipe \spoolss. [2012/08/30 15:27:53.058167, 5] smbd/files.c:140(file_new) allocated file structure 13661, fnum = 17757 (1 used) [2012/08/30 15:27:53.058290, 10] smbd/files.c:705(file_name_hash) file_name_hash: /tmp/spoolss hash 0x7d4e46e5 [2012/08/30 15:27:53.058430, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \spoolss [2012/08/30 15:27:53.058572, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \spoolss [2012/08/30 15:27:53.058689, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \spoolss [2012/08/30 15:27:53.058820, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \spoolss (pipes_open=0) [2012/08/30 15:27:53.058956, 5] smbd/nttrans.c:377(do_ntcreate_pipe_open) do_ntcreate_pipe_open: open pipe = \spoolss [2012/08/30 15:27:53.062128, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 72 [2012/08/30 15:27:53.062460, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x48 [2012/08/30 15:27:53.062583, 3] smbd/process.c:1662(process_smb) Transaction 38 of length 76 (0 toread) [2012/08/30 15:27:53.062702, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.062764, 5] lib/util.c:342(show_msg) size=72 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 
smb_pid=1080 smb_uid=100 smb_mid=7489 smt_wct=15 smb_vwv[ 0]= 4 (0x4) smb_vwv[ 1]= 0 (0x0) smb_vwv[ 2]= 2 (0x2) smb_vwv[ 3]= 24 (0x18) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 4 (0x4) smb_vwv[10]= 68 (0x44) smb_vwv[11]= 0 (0x0) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 1 (0x1) smb_vwv[14]= 7 (0x7) smb_bcc=7 [2012/08/30 15:27:53.065224, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 5D 45 ED 03 ...]E.. [2012/08/30 15:27:53.065364, 3] smbd/process.c:1467(switch_message) switch message SMBtrans2 (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.065501, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.065739, 9] smbd/trans2.c:935(send_trans2_replies) t2_rep: params_sent_thistime = 2, data_sent_thistime = 24, useable_space = 131010 [2012/08/30 15:27:53.065863, 9] smbd/trans2.c:937(send_trans2_replies) t2_rep: params_to_send = 2, data_to_send = 24, paramsize = 2, datasize = 24 [2012/08/30 15:27:53.065981, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.066043, 5] lib/util.c:342(show_msg) size=84 smb_com=0x32 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7489 smt_wct=10 smb_vwv[ 0]= 2 (0x2) smb_vwv[ 1]= 24 (0x18) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 2 (0x2) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 24 (0x18) smb_vwv[ 7]= 60 (0x3C) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=29 [2012/08/30 15:27:53.067480, 10] ../lib/util/util.c:415(dump_data) [0000] 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 01 00 00 00 01 00 00 00 ........ ..... 
[2012/08/30 15:27:53.069332, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 224 [2012/08/30 15:27:53.069591, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0xe0 [2012/08/30 15:27:53.069710, 3] smbd/process.c:1662(process_smb) Transaction 39 of length 228 (0 toread) [2012/08/30 15:27:53.069827, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.069888, 5] lib/util.c:342(show_msg) size=224 smb_com=0x2f smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7553 smt_wct=14 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17757 (0x455D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]=65535 (0xFFFF) smb_vwv[ 6]=65535 (0xFFFF) smb_vwv[ 7]= 8 (0x8) smb_vwv[ 8]= 160 (0xA0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 160 (0xA0) smb_vwv[11]= 64 (0x40) smb_vwv[12]= 0 (0x0) smb_vwv[13]= 0 (0x0) smb_bcc=161 [2012/08/30 15:27:53.072100, 10] ../lib/util/util.c:415(dump_data) [0000] EE 05 00 0B 03 10 00 00 00 A0 00 00 00 02 00 00 ........ ........ [0010] 00 B8 10 B8 10 00 00 00 00 03 00 00 00 00 00 01 ........ ........ [0020] 00 78 56 34 12 34 12 CD AB EF 00 01 23 45 67 89 .xV4.4.. ....#Eg. [0030] AB 01 00 00 00 04 5D 88 8A EB 1C C9 11 9F E8 08 ......]. ........ [0040] 00 2B 10 48 60 02 00 00 00 01 00 01 00 78 56 34 .+.H`... .....xV4 [0050] 12 34 12 CD AB EF 00 01 23 45 67 89 AB 01 00 00 .4...... #Eg..... [0060] 00 33 05 71 71 BA BE 37 49 83 19 B5 DB EF 9C CC .3.qq..7 I....... [0070] 36 01 00 00 00 02 00 01 00 78 56 34 12 34 12 CD 6....... .xV4.4.. [0080] AB EF 00 01 23 45 67 89 AB 01 00 00 00 2C 1C B7 ....#Eg. .....,.. [0090] 6C 12 98 40 45 03 00 00 00 00 00 00 00 01 00 00 l..@E... ........ [00A0] 00 . 
[2012/08/30 15:27:53.073391, 3] smbd/process.c:1467(switch_message) switch message SMBwriteX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.073636, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.073892, 6] smbd/pipes.c:300(reply_pipe_write_and_X) reply_pipe_write_and_X: 455d name: spoolss len: 160 [2012/08/30 15:27:53.074015, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 160 [2012/08/30 15:27:53.074134, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 160 [2012/08/30 15:27:53.074251, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 160 [2012/08/30 15:27:53.074368, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 160, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.074485, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.074602, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.074718, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 144 [2012/08/30 15:27:53.074854, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.074970, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 144 [2012/08/30 15:27:53.075086, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 144, incoming data = 144 [2012/08/30 15:27:53.075204, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! 
[2012/08/30 15:27:53.075361, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00a0 (160) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x03 (3) ctx_list: ARRAY(3) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) ctx_list: struct dcerpc_ctx_list context_id : 0x0001 (1) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 71710533-beba-4937-8319-b5dbef9ccc36 if_version : 0x00000001 (1) ctx_list: struct dcerpc_ctx_list context_id : 0x0002 (2) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345678-1234-abcd-ef00-0123456789ab if_version : 0x00000001 (1) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 6cb71c2c-9812-4540-0300-000000000000 if_version : 0x00000001 (1) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.078634, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 11 [2012/08/30 15:27:53.078757, 3] rpc_server/srv_pipe.c:889(api_pipe_bind_req) api_pipe_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.078875, 5] rpc_server/srv_pipe.c:923(api_pipe_bind_req) api_pipe_bind_req: make response. 
923 [2012/08/30 15:27:53.078992, 3] rpc_server/srv_pipe.c:339(check_bind_req) check_bind_req for \spoolss [2012/08/30 15:27:53.079112, 3] rpc_server/srv_pipe.c:346(check_bind_req) check_bind_req: \PIPE\spoolss -> \PIPE\spoolss [2012/08/30 15:27:53.079239, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x000053f0 (21488) secondary_address_size : 0x000e (14) secondary_address : '\PIPE\spoolss' _pad1 : DATA_BLOB length=0 num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 [2012/08/30 15:27:53.081473, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 144 [2012/08/30 15:27:53.081619, 3] smbd/pipes.c:361(pipe_write_andx_done) writeX-IPC nwritten=160 [2012/08/30 15:27:53.082724, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 59 [2012/08/30 15:27:53.082899, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x3b [2012/08/30 15:27:53.083018, 3] smbd/process.c:1662(process_smb) Transaction 40 of length 63 (0 toread) [2012/08/30 15:27:53.083145, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.083207, 5] lib/util.c:342(show_msg) size=59 smb_com=0x2e smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=65279 smb_uid=100 smb_mid=7617 smt_wct=12 smb_vwv[ 0]= 255 (0xFF) smb_vwv[ 1]=57054 (0xDEDE) smb_vwv[ 2]=17757 (0x455D) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 1024 
(0x400) smb_vwv[ 6]= 1024 (0x400) smb_vwv[ 7]=65535 (0xFFFF) smb_vwv[ 8]=65535 (0xFFFF) smb_vwv[ 9]= 1024 (0x400) smb_vwv[10]= 0 (0x0) smb_vwv[11]= 0 (0x0) smb_bcc=0 [2012/08/30 15:27:53.084782, 10] ../lib/util/util.c:415(dump_data) [2012/08/30 15:27:53.084858, 3] smbd/process.c:1467(switch_message) switch message SMBreadX (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.085022, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.085147, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.085271, 10] rpc_server/srv_pipe_hnd.c:325(read_from_internal_pipe) read_from_pipe: \spoolss: current_pdu_len = 68, current_pdu_sent = 0 returning 68 bytes. [2012/08/30 15:27:53.085479, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 29 [2012/08/30 15:27:53.085615, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 68 bytes. There is no more data outstanding [2012/08/30 15:27:53.085738, 3] smbd/pipes.c:485(pipe_read_andx_done) readX-IPC min=1024 max=1024 nread=68 [2012/08/30 15:27:53.086609, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 292 [2012/08/30 15:27:53.086823, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x124 [2012/08/30 15:27:53.086943, 3] smbd/process.c:1662(process_smb) Transaction 41 of length 296 (0 toread) [2012/08/30 15:27:53.087060, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.087122, 5] lib/util.c:342(show_msg) size=292 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7681 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 208 (0xD0) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 208 (0xD0) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) 
smb_vwv[14]= 38 (0x26) smb_vwv[15]=17757 (0x455D) smb_bcc=225 [2012/08/30 15:27:53.089874, 10] ../lib/util/util.c:415(dump_data) [0000] 00 5C 00 50 00 49 00 50 00 45 00 5C 00 00 00 00 .\.P.I.P .E.\.... [0010] 00 05 00 00 03 10 00 00 00 D0 00 00 00 02 00 00 ........ ........ [0020] 00 B8 00 00 00 00 00 45 00 00 00 02 00 11 00 00 .......E ........ [0030] 00 00 00 00 00 11 00 00 00 5C 00 5C 00 6F 00 72 ........ .\.\.o.r [0040] 00 61 00 6E 00 67 00 65 00 5C 00 48 00 50 00 5F .a.n.g.e .\.H.P._ [0050] 00 34 00 35 00 31 00 35 00 00 00 00 00 00 00 00 .4.5.1.5 ........ [0060] 00 00 00 00 00 00 00 00 00 08 00 00 00 01 00 00 ........ ........ [0070] 00 01 00 00 00 04 00 02 00 28 00 00 00 08 00 02 ........ .(...... [0080] 00 0C 00 02 00 B1 1D 00 00 03 00 00 00 00 00 00 ........ ........ [0090] 00 09 00 00 00 07 00 00 00 00 00 00 00 07 00 00 ........ ........ [00A0] 00 50 00 41 00 4E 00 41 00 4D 00 41 00 00 00 00 .P.A.N.A .M.A.... [00B0] 00 12 00 00 00 00 00 00 00 12 00 00 00 41 00 43 ........ .....A.C [00C0] 00 52 00 5C 00 61 00 64 00 6D 00 69 00 6E 00 69 .R.\.a.d .m.i.n.i [00D0] 00 73 00 74 00 72 00 61 00 74 00 6F 00 72 00 00 .s.t.r.a .t.o.r.. [00E0] 00 . 
[2012/08/30 15:27:53.091038, 3] smbd/process.c:1467(switch_message) switch message SMBtrans (pid 3054) conn 0x7fd50c02fa20 [2012/08/30 15:27:53.091158, 4] smbd/uid.c:351(change_to_user) Skipping user change - already user [2012/08/30 15:27:53.091293, 3] smbd/ipc.c:560(handle_trans) trans <\PIPE\> data=208 params=0 setup=2 [2012/08/30 15:27:53.091414, 5] smbd/ipc.c:593(handle_trans) calling named_pipe [2012/08/30 15:27:53.091729, 3] smbd/ipc.c:511(named_pipe) named pipe command on <> name [2012/08/30 15:27:53.091854, 5] smbd/ipc.c:434(api_fd_reply) api_fd_reply [2012/08/30 15:27:53.091970, 3] smbd/ipc.c:475(api_fd_reply) Got API command 0x26 on pipe "spoolss" (pnum 455d) [2012/08/30 15:27:53.092089, 10] smbd/ipc.c:477(api_fd_reply) api_fd_reply: p:0x7fd50c02ba70 max_trans_reply: 1024 [2012/08/30 15:27:53.092207, 6] rpc_server/srv_pipe_hnd.c:520(np_write_send) np_write_send: len: 208 [2012/08/30 15:27:53.092326, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 208 [2012/08/30 15:27:53.092461, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 0, pdu_needed_len = 0, incoming data = 208 [2012/08/30 15:27:53.092579, 10] rpc_server/srv_pipe_hnd.c:50(fill_rpc_header) fill_rpc_header: data_to_copy = 208, len_needed_to_complete_hdr = 16, receive_len = 0 [2012/08/30 15:27:53.092696, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 16 [2012/08/30 15:27:53.092812, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 [2012/08/30 15:27:53.092928, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 0, incoming data = 192 [2012/08/30 15:27:53.093616, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 0 [2012/08/30 15:27:53.093734, 10] rpc_server/srv_pipe_hnd.c:242(write_to_internal_pipe) write_to_pipe: data_left = 192 
[2012/08/30 15:27:53.093850, 10] rpc_server/srv_pipe_hnd.c:138(process_incoming_data) process_incoming_data: Start: pdu.length = 16, pdu_needed_len = 192, incoming data = 192 [2012/08/30 15:27:53.093985, 10] rpc_server/srv_pipe.c:1877(process_complete_pdu) PDU is in Little Endian format! [2012/08/30 15:27:53.094109, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00d0 (208) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x000000b8 (184) context_id : 0x0000 (0) opnum : 0x0045 (69) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=184 [0000] 00 00 02 00 11 00 00 00 00 00 00 00 11 00 00 00 ........ ........ [0010] 5C 00 5C 00 6F 00 72 00 61 00 6E 00 67 00 65 00 \.\.o.r. a.n.g.e. [0020] 5C 00 48 00 50 00 5F 00 34 00 35 00 31 00 35 00 \.H.P._. 4.5.1.5. [0030] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0040] 08 00 00 00 01 00 00 00 01 00 00 00 04 00 02 00 ........ ........ [0050] 28 00 00 00 08 00 02 00 0C 00 02 00 B1 1D 00 00 (....... ........ [0060] 03 00 00 00 00 00 00 00 09 00 00 00 07 00 00 00 ........ ........ [0070] 00 00 00 00 07 00 00 00 50 00 41 00 4E 00 41 00 ........ P.A.N.A. [0080] 4D 00 41 00 00 00 00 00 12 00 00 00 00 00 00 00 M.A..... ........ [0090] 12 00 00 00 41 00 43 00 52 00 5C 00 61 00 64 00 ....A.C. R.\.a.d. [00A0] 6D 00 69 00 6E 00 69 00 73 00 74 00 72 00 61 00 m.i.n.i. s.t.r.a. [00B0] 74 00 6F 00 72 00 00 00 t.o.r... [2012/08/30 15:27:53.096618, 10] rpc_server/srv_pipe.c:1890(process_complete_pdu) Processing packet type 0 [2012/08/30 15:27:53.096742, 10] rpc_server/srv_pipe.c:1734(dcesrv_auth_request) Checking request auth. 
[2012/08/30 15:27:53.096892, 5] rpc_server/srv_pipe.c:1571(api_pipe_request) Requested \PIPE\\spoolss [2012/08/30 15:27:53.097019, 4] rpc_server/srv_pipe.c:1611(api_rpcTNP) api_rpcTNP: \spoolss op 0x45 - api_rpcTNP: rpc command: SPOOLSS_OPENPRINTEREX [2012/08/30 15:27:53.097156, 6] rpc_server/srv_pipe.c:1645(api_rpcTNP) api_rpc_cmds[69].fn == 0x7fd50aec9b10 [2012/08/30 15:27:53.097303, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx in: struct spoolss_OpenPrinterEx printername : * printername : '\\orange\HP_4515' datatype : NULL devmode_ctr: struct spoolss_DevmodeContainer _ndr_size : 0x00000000 (0) devmode : NULL access_mask : 0x00000008 (8) 0: SERVER_ACCESS_ADMINISTER 0: SERVER_ACCESS_ENUMERATE 0: PRINTER_ACCESS_ADMINISTER 1: PRINTER_ACCESS_USE 0: JOB_ACCESS_ADMINISTER 0: JOB_ACCESS_READ level : 0x00000001 (1) userlevel : union spoolss_UserLevel(case 1) level1 : * level1: struct spoolss_UserLevel1 size : 0x00000028 (40) client : * client : 'PANAMA' user : * user : 'ACR\administrator' build : 0x00001db1 (7601) major : UNKNOWN_ENUM_VALUE (3) minor : SPOOLSS_MINOR_VERSION_0 (0) processor : PROCESSOR_ARCHITECTURE_AMD64 (9) checking name: \\orange\HP_4515 [2012/08/30 15:27:53.099315, 10] rpc_server/spoolss/srv_spoolss_nt.c:752(open_printer_hnd) open_printer_hnd: name [\\orange\HP_4515] [2012/08/30 15:27:53.099529, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.099789, 3] rpc_server/spoolss/srv_spoolss_nt.c:521(set_printer_hnd_printertype) Setting printer type=\\orange\HP_4515 Printer is a printer [2012/08/30 15:27:53.099990, 4] rpc_server/spoolss/srv_spoolss_nt.c:581(set_printer_hnd_name) Setting printer name=\\orange\HP_4515 (len=16) searching for [HP_4515] [2012/08/30 15:27:53.100229, 10] lib/gencache.c:183(gencache_set_data_blob) Adding cache entry with key = PRINTERNAME/HP_4515 and timeout = Thu Aug 30 15:32:53 2012 (300 seconds ahead) set_printer_hnd_name: Printer found: HP_4515 -> HP_4515 [2012/08/30 15:27:53.100557, 5] rpc_server/spoolss/srv_spoolss_nt.c:788(open_printer_hnd) 1 printer handles active [2012/08/30 15:27:53.100720, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.100947, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.101192, 4] rpc_server/spoolss/srv_spoolss_nt.c:504(get_printer_snum) short name:HP_4515 [2012/08/30 15:27:53.101358, 3] lib/access.c:338(allow_access) Allowed connection from 192.168.30.50 (192.168.30.50) [2012/08/30 15:27:53.105633, 3] ../libcli/security/dom_sid.c:208(dom_sid_parse_endp) string_to_sid: SID root is not in a valid format [2012/08/30 15:27:53.105834, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: ACR\root => domain=[ACR], name=[root] [2012/08/30 15:27:53.105985, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.106125, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.106252, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.106392, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.106522, 5] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.106658, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.106920, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(uid=root)(objectclass=sambaSamAccount))], scope => [2] [2012/08/30 15:27:53.108625, 4] passdb/pdb_ldap.c:1581(ldapsam_getsampwnam) ldapsam_getsampwnam: Unable to locate user [root] count=0 [2012/08/30 15:27:53.108829, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.108973, 4] smbd/sec_ctx.c:214(push_sec_ctx) push_sec_ctx(10000, 513) : sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.109133, 4] smbd/uid.c:460(push_conn_ctx) push_conn_ctx(100) : conn_ctx_stack_ndx = 0 [2012/08/30 15:27:53.109273, 4] smbd/sec_ctx.c:314(set_sec_ctx) setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1 [2012/08/30 15:27:53.109417, 5] 
../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2012/08/30 15:27:53.109561, 5] auth/token_util.c:527(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2012/08/30 15:27:53.109789, 5] lib/smbldap.c:1439(smbldap_search_ext) smbldap_search_ext: base => [dc=acr,dc=lab], filter => [(&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root)))], scope => [2] [2012/08/30 15:27:53.112183, 4] passdb/pdb_ldap.c:2543(ldapsam_getgroup) ldapsam_getgroup: Did not find group, filter was (&(objectClass=sambaGroupMapping)(|(displayName=root)(cn=root))) [2012/08/30 15:27:53.112455, 4] smbd/sec_ctx.c:422(pop_sec_ctx) pop_sec_ctx (10000, 513) - sec_ctx_stack_ndx = 0 [2012/08/30 15:27:53.112595, 10] passdb/lookup_sid.c:76(lookup_name) lookup_name: Unix User\root => domain=[Unix User], name=[root] [2012/08/30 15:27:53.112720, 10] passdb/lookup_sid.c:77(lookup_name) lookup_name: flags = 0x073 [2012/08/30 15:27:53.112873, 5] lib/username.c:171(Get_Pwnam_alloc) Finding user root [2012/08/30 15:27:53.113006, 5] lib/username.c:116(Get_Pwnam_internals) Trying _Get_Pwnam(), username as lowercase is root [2012/08/30 15:27:53.113167, 5] lib/username.c:149(Get_Pwnam_internals) Get_Pwnam_internals did find user [root]! 
[2012/08/30 15:27:53.113295, 10] smbd/share_access.c:241(user_ok_token) user_ok_token: share HP_4515 is ok for unix user administrator [2012/08/30 15:27:53.113432, 4] rpc_server/spoolss/srv_spoolss_nt.c:1923(_spoolss_OpenPrinterEx) Setting printer access = PRINTER_ACCESS_USE [2012/08/30 15:27:53.113565, 4] rpc_server/rpc_ncacn_np.c:132(make_internal_rpc_pipe_p) Create pipe requested \winreg [2012/08/30 15:27:53.113709, 10] rpc_server/rpc_handles.c:116(init_pipe_handles) init_pipe_handle_list: created handle list for pipe \winreg [2012/08/30 15:27:53.113835, 10] rpc_server/rpc_handles.c:133(init_pipe_handles) init_pipe_handle_list: pipe_handles ref count = 1 for pipe \winreg [2012/08/30 15:27:53.113994, 4] rpc_server/rpc_ncacn_np.c:176(make_internal_rpc_pipe_p) Created internal pipe \winreg (pipes_open=0) [2012/08/30 15:27:53.114165, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM in: struct winreg_OpenHKLM system_name : NULL access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.115045, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HKLM] [2012/08/30 15:27:53.115188, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (2->3) [2012/08/30 15:27:53.115315, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM] [2012/08/30 15:27:53.115435, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM] [2012/08/30 15:27:53.115642, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.115780, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM] [2012/08/30 15:27:53.115965, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM] 
[2012/08/30 15:27:53.116105, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.116436, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[1] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.116661, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenHKLM: struct winreg_OpenHKLM out: struct winreg_OpenHKLM handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.117230, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey in: struct winreg_OpenKey parent_handle : * parent_handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-3f50-b9beee0b0000 keyname: struct winreg_String name_len : 0x0088 (136) name_size : 0x0088 (136) name : * name : 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515' options : 0x00000000 (0) 0: REG_OPTION_VOLATILE 0: REG_OPTION_CREATE_LINK 0: REG_OPTION_BACKUP_RESTORE 0: REG_OPTION_OPEN_LINK access_mask : 0x02000000 (33554432) 0: KEY_QUERY_VALUE 0: KEY_SET_VALUE 0: KEY_CREATE_SUB_KEY 0: KEY_ENUMERATE_SUB_KEYS 0: KEY_NOTIFY 0: KEY_CREATE_LINK 0: KEY_WOW64_64KEY 0: KEY_WOW64_32KEY [2012/08/30 15:27:53.118959, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.119199, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [SOFTWARE] [2012/08/30 15:27:53.119324, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (3->4) [2012/08/30 15:27:53.119463, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE] [2012/08/30 15:27:53.119647, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE] [2012/08/30 15:27:53.119786, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.119922, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE] [2012/08/30 15:27:53.120080, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE] [2012/08/30 15:27:53.120252, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Microsoft] [2012/08/30 15:27:53.120377, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (4->5) [2012/08/30 15:27:53.120500, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.120637, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.120775, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.120911, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.121085, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft] [2012/08/30 15:27:53.121251, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Windows NT] [2012/08/30 15:27:53.121401, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (5->6) 
[2012/08/30 15:27:53.121545, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.121681, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.121817, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.121946, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.122104, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT] [2012/08/30 15:27:53.122256, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [CurrentVersion] [2012/08/30 15:27:53.122381, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (6->7) [2012/08/30 15:27:53.122520, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.122668, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.122793, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.122914, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion] [2012/08/30 15:27:53.123076, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Print] [2012/08/30 15:27:53.123201, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (7->8) [2012/08/30 15:27:53.123341, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.123472, 10] 
lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.124092, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.124234, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b776320 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print] [2012/08/30 15:27:53.124416, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [Printers] [2012/08/30 15:27:53.124557, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (8->9) [2012/08/30 15:27:53.124699, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.124830, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.124974, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.125103, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.125266, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers] [2012/08/30 15:27:53.125451, 7] registry/reg_api.c:141(regkey_open_onelevel) regkey_open_onelevel: name = [HP_4515] [2012/08/30 15:27:53.125594, 10] registry/reg_backend_db.c:583(regdb_open) regdb_open: incrementing refcount (9->10) [2012/08/30 15:27:53.125720, 10] registry/reg_cachehook.c:122(reghook_cache_find) reghook_cache_find: Searching for keyname [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.125856, 10] lib/adt_tree.c:367(pathtree_find) pathtree_find: Enter 
[\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.125993, 10] lib/adt_tree.c:440(pathtree_find) pathtree_find: Exit [2012/08/30 15:27:53.126128, 10] registry/reg_cachehook.c:127(reghook_cache_find) reghook_cache_find: found ops 0x7fd50b775f80 for key [\HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.126285, 10] registry/reg_backend_db.c:1926(regdb_get_secdesc) regdb_get_secdesc: Getting secdesc of key [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515] [2012/08/30 15:27:53.126427, 10] ../libcli/security/access_check.c:178(se_access_check) se_access_check: MAX desired = 0x2000000, granted = 0xf003f, remaining = 0xf003f [2012/08/30 15:27:53.126568, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (10->9) [2012/08/30 15:27:53.126731, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (9->8) [2012/08/30 15:27:53.126869, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (8->7) [2012/08/30 15:27:53.127022, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (7->6) [2012/08/30 15:27:53.127152, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (6->5) [2012/08/30 15:27:53.127289, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (5->4) [2012/08/30 15:27:53.127428, 4] rpc_server/rpc_handles.c:197(create_rpc_handle_internal) Opened policy hnd[2] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.127654, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_OpenKey: struct winreg_OpenKey out: struct winreg_OpenKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.128373, 2] rpc_client/cli_winreg_spoolss.c:898(winreg_create_printer) winreg_create_printer: Skipping, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP_4515 already exists [2012/08/30 15:27:53.128532, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002d-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.129008, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.129355, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2D 00 00 00 00 00 00 00 3F 50 B9 BE ....-... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.129606, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.129728, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (4->3) [2012/08/30 15:27:53.129866, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.130444, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey in: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002c-0000-0000-3f50-b9beee0b0000 [2012/08/30 15:27:53.130901, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... [2012/08/30 15:27:53.131117, 4] rpc_server/rpc_handles.c:232(find_policy_by_hnd_internal) Found policy hnd[0] [0000] 00 00 00 00 2C 00 00 00 00 00 00 00 3F 50 B9 BE ....,... ....?P.. [0010] EE 0B 00 00 .... 
[2012/08/30 15:27:53.131345, 3] rpc_server/rpc_handles.c:281(close_policy_hnd) Closed policy [2012/08/30 15:27:53.131475, 10] registry/reg_backend_db.c:619(regdb_close) regdb_close: decrementing refcount (3->2) [2012/08/30 15:27:53.131622, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) winreg_CloseKey: struct winreg_CloseKey out: struct winreg_CloseKey handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : WERR_OK [2012/08/30 15:27:53.132208, 1] ../librpc/ndr/ndr.c:284(ndr_print_function_debug) spoolss_OpenPrinterEx: struct spoolss_OpenPrinterEx out: struct spoolss_OpenPrinterEx handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 0000002b-0000-0000-3f50-b9beee0b0000 result : WERR_OK [2012/08/30 15:27:53.132797, 5] rpc_server/srv_pipe.c:1679(api_rpcTNP) api_rpcTNP: called \spoolss successfully [2012/08/30 15:27:53.132951, 10] rpc_server/srv_pipe_hnd.c:247(write_to_internal_pipe) write_to_pipe: data_used = 192 [2012/08/30 15:27:53.133097, 6] rpc_server/srv_pipe_hnd.c:284(read_from_internal_pipe) name: \spoolss len: 1024 [2012/08/30 15:27:53.133230, 10] rpc_server/srv_pipe_hnd.c:346(read_from_internal_pipe) read_from_pipe: \spoolss: fault_state = 0 : data_sent_length = 0, p->out_data.rdata.length = 24. [2012/08/30 15:27:53.133365, 1] ../librpc/ndr/ndr.c:247(ndr_print_debug) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 2B 00 00 00 00 00 00 00 3F 50 B9 BE ....+... ....?P.. [0010] EE 0B 00 00 00 00 00 00 ........ 
[2012/08/30 15:27:53.134972, 3] rpc_server/srv_pipe_hnd.c:121(free_pipe_context) free_pipe_context: destroying talloc pool of size 1460 [2012/08/30 15:27:53.135137, 10] rpc_server/rpc_handles.c:307(close_policy_by_pipe) close_policy_by_pipe: deleted handle list for pipe \winreg [2012/08/30 15:27:53.135303, 10] rpc_server/srv_pipe_hnd.c:788(np_read_recv) Received 48 bytes. There is no more data outstanding [2012/08/30 15:27:53.135442, 5] smbd/ipc.c:62(copy_trans_params_and_data) copy_trans_params_and_data: params[0..0] data[0..48] (align 0) [2012/08/30 15:27:53.135621, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.135701, 5] lib/util.c:342(show_msg) size=104 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=136 smb_flg2=51203 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7681 smt_wct=10 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 48 (0x30) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 0 (0x0) smb_vwv[ 4]= 56 (0x38) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 48 (0x30) smb_vwv[ 7]= 56 (0x38) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_bcc=49 [2012/08/30 15:27:53.137281, 10] ../lib/util/util.c:415(dump_data) [0000] 00 05 00 02 03 10 00 00 00 30 00 00 00 02 00 00 ........ .0...... [0010] 00 18 00 00 00 00 00 00 00 00 00 00 00 2B 00 00 ........ .....+.. [0020] 00 00 00 00 00 3F 50 B9 BE EE 0B 00 00 00 00 00 .....?P. ........ [0030] 00 . 
[2012/08/30 15:27:53.140284, 10] lib/util_sock.c:519(read_smb_length_return_keepalive) got smb length of 4240 [2012/08/30 15:27:53.140517, 6] smbd/process.c:1660(process_smb) got message type 0x0 of len 0x1090 [2012/08/30 15:27:53.140651, 3] smbd/process.c:1662(process_smb) Transaction 42 of length 4244 (0 toread) [2012/08/30 15:27:53.140798, 5] lib/util.c:332(show_msg) [2012/08/30 15:27:53.140878, 5] lib/util.c:342(show_msg) size=4240 smb_com=0x25 smb_rcls=0 smb_reh=0 smb_err=0 smb_flg=24 smb_flg2=51207 smb_tid=1 smb_pid=1080 smb_uid=100 smb_mid=7745 smt_wct=16 smb_vwv[ 0]= 0 (0x0) smb_vwv[ 1]= 4156 (0x103C) smb_vwv[ 2]= 0 (0x0) smb_vwv[ 3]= 1024 (0x400) smb_vwv[ 4]= 0 (0x0) smb_vwv[ 5]= 0 (0x0) smb_vwv[ 6]= 0 (0x0) smb_vwv[ 7]= 0 (0x0) smb_vwv[ 8]= 0 (0x0) smb_vwv[ 9]= 0 (0x0) smb_vwv[10]= 84 (0x54) smb_vwv[11]= 4156 (0x103C) smb_vwv[12]= 84 (0x54) smb_vwv[13]= 2 (0x2) smb_vwv[14]= 38 (0